by John Randall, VP Product Management, EdgeWave
Winning the battle for the inbox
For virtually everyone, email is the primary way of connecting and doing business. However, as we all know, the inbox isn’t as safe as it once was. All sorts of bad actors are increasingly competing to penetrate into users’ inboxes and exfiltrate confidential information, or launch nefarious links or code that enable them to open backdoors into critical systems and data.
As email threats become more and more targeted and sophisticated, the challenge to protect inboxes has taken on a whole new level of complexity. Even as recently as a few years ago, all an organization had to do was deploy an email gateway to filter out spam, malware, and other inbox invaders. Done.
Unfortunately, the game has changed. Today’s advanced, socially engineered email threats blow right past traditional gateways and attack users in a variety of ways with spear phishing, Business Email Compromise (BEC), ransomware and more. An email security gateway is no match for these attacks. Consequently, users are being conned, spoofed and deceived more than ever, and it’s costing businesses billions of dollars a year in damages.
The reality of today’s email threat landscape.
Recently, we conducted a survey of over 300 IT security professionals, from CISOs to infosec administrators. While we asked a number of questions, several key points stood out. More than 80 percent of participants said they were “confident” or “very confident” that traditional email gateways will protect their organizations from targeted email attacks. Yet a substantial percentage — 42 percent — also reported that their organization fell victim to a recent phishing attack. That’s quite a disconnect.
In another contradictory finding, the survey revealed that the majority of IT professionals aren’t confident in employees’ ability to spot or flag malicious emails, even though over 70 percent of responders reported that their organizations had conducted security awareness training during the previous 12 months.
The survey results are a wake-up call, revealing a significant disconnect between IT professionals’ confidence in their existing email security strategy and the realities of the threat landscape. These survey findings also serve as a call to action, underscoring the need for IT professionals to honestly assess their current email security measures and take steps to achieve a modern email security posture.
Is Security Awareness Education the answer?
Several years ago, security awareness education became the de facto “next step” in tightening inbox security. Since users are on their own with email, training helps users spot or flag suspicious emails so they can send them to their IT department to investigate. Education is always a good thing, and many companies have seen some benefit from the investment. However, education alone is not enough. In fact, the 2018 Verizon Data Breach Investigations Report states that despite significant investments in Security Awareness Training, users only reported 17% of phishing campaigns. That isn’t surprising when you consider our always-connected, always-emailing workforce. Employees today are far more distracted than ever, and that presents even more risk as users email from mobile devices at all times of day and night. Clearly, with over 90% of data breaches starting from an email attack vector, organizations today need to drastically change how they think about email security.
Next-generation email security is needed.
For the past two years, EdgeWave has been committed to helping better protect users and data with advanced email security solutions beyond the traditional gateway. We launched our Email Security Platform in 2018 with a mission: Delivering the World’s Safest Inboxes™. At its heart are three essential elements:
1. Predelivery Protection with a modern gateway solution: The best defense is a good offense, and predelivery measures can stop attacks before they start. The right predelivery protection via an email security gateway is still effective at stopping broad-based malicious campaigns (though limited in preventing highly targeted phishing emails, which is why a multi-layered email security posture is required). A modern email gateway should stop threats from reaching the inbox without tying up IT. Look for a comprehensive email security gateway that addresses the most advanced threats while keeping false positive rates low.
An ideal predelivery solution is also capable of stopping zero-minute attacks and other emerging threats without hampering the flow of legitimate email. Look for a sophisticated solution that integrates machine learning and multi-engine scanners with human analysis.
2. Postdelivery Detection: The most sophisticated anti-phishing strategy includes postdelivery detection that automates threat resolution right inside the user’s inbox. With this approach, if an attack gets through the predelivery defenses and the employee submits the suspicious email for review, the postdelivery detection technology routes the email through machine learning filters and subjects it to expert human analysis automatically — without IT or
A truly groundbreaking innovation, postdelivery detection can dramatically reduce vulnerability to data breaches. It’s only possible with a threat mitigation solution that features a human layer of analysts to review and categorize email-borne attacks 24/7 to augment the work of advanced threat filtering engines.
3. Incident Response with Global Remediation: An advanced postdelivery detection solution can automatically quarantine, analyze and remove malicious emails from an employee’s But a broader incident response capability is needed to reduce dwell time for email attacks and phishing threats since attacks often target multiple users. A 2018 Ponemon Institute study found that the current dwell time has actually increased to 197 days from 191 last year. The mean time to contain the threat is longer as well, rising to 69 days from 66. It takes organizations nearly nine months to mitigate risk and get back to business as usual. As timeframes extend, the damage and costs associated with breaches increase.
An advanced incident response capability reduces the odds that a malicious email will be clicked on or receive a response from an employee. Look for an incident response solution that automatically removes multiple instances of a targeted attack across an organization.
“As attacks become more sophisticated, even email security gateways with advanced features find it impossible to detect threats 100 percent of the time. That’s why a predelivery, postdelivery and incident response approach is a must.”
IDC Technology Spotlight
The time is now.
The traditional gateway is no longer enough. And Security Awareness Training relies too heavily on making each user an expert at recognizing advanced phishing techniques. Lastly, based on our research, there appears to be overconfidence on the part of IT professionals that they are sufficiently protected by standing pat, which is clearly not the case. Protecting the inbox takes a defense-in-depth approach, and that starts by adding postdelivery detection and incident response capabilities on top of your email gateway. This approach will help you get the heightened risk of phishing attacks under control once and for all.
About the Author
Mr. Randall brings over 25 years of cybersecurity and technology experience. As the Vice President of Product Management, Mr. Randall is responsible for developing both product innovations and solutions strategies to help EdgeWave customers protect their organizations from the latest security threats.
Mr. Randall brings deep technical and market expertise driven by his diverse background. His past experience includes roles as Director of IT providing internal security services as well as overseeing key relationships with multiple security vendors. Prior to joining EdgeWave, Mr. Randall has also held several leadership positions, most recently with Trustwave and Websense, across both Product Management and Product Marketing.