Today’s Workforce Needs Advanced Email Protection
In the past two years, the prevalence of email-borne cyber threats—which was already high—soared to unprecedented levels. According to data from the FBI, both business email compromise (BEC) and ransomware attack volumes swelled to record highs, as did the number of reported phishing attacks.
BEC is a particularly expensive scourge. The FBI reported that losses attributable to business email compromise attacks increased by 65% from July 2019 to December 2021. Around the world, victims have incurred a total of more than $43 billion in exposed losses since 2016.
Gartner estimates that 70% of organizations had already adopted a cloud-based email solution by late 2021. As enterprises shift to the cloud, many are experiencing a mismatch between their legacy security architecture and the needs of their cloud email environment. Secure email gateways, in particular, were engineered for an on-premises world rather than today’s cloud email ecosystem.
Meanwhile, major cloud providers including Microsoft and Google have made considerable investments in improving the native capabilities of their offerings. Gartner predicts at least 40% of enterprises will use built-in capabilities from a cloud email provider in place of a SEG by 2023. That said, advanced features and controls are typically only available as an add-on or part of a higher-priced licensure tier from some vendors—and not at all from others. Further, these native security solutions tend to operate by blocking known threats, which means organizations that rely on these capabilities alone may remain vulnerable to never-before-detected threats or sophisticated social engineering and account compromise attacks.
Even as enterprises adopt more of cloud providers’ built-in email security capabilities, large numbers of email borne attacks are still circumventing enterprise defenses. This reality makes it abundantly clear that it’s now essential to implement email security solutions that are more effective and efficient than those of the past. It also requires security teams to shift their mindset, away from a rules-and-policies based approach to preventing attacks, and toward a reliance on human and behavioral analysis. Increasingly, this will mean turning to email security solutions that were designed for a cloud-first world.
Integrated cloud email security (ICES) is an emerging market category that was first described by Gartner in 2021. ICES products are cloud-native solutions that analyze email content via API connectivity so that there’s no need to change the MX records. These platforms leverage technologies like natural language processing (NLP) and behavioral artificial intelligence (AI) to detect and block the malicious emails that legacy solutions miss.
To combat tomorrow’s increasingly sophisticated cyber threats, enterprises will need this sort of innovation–either in addition to, or in place of, their current tools.
