As attacks surge, it’s time to layer up email defenses