What Is Email Protection?
Email Protection is a combination of security technology deployment and the training of employees, associates, customers and others in how to protect email and guard against cyber attacks that infiltrate your network through email.
Cyber attackers usually operate by sending malicious attachments or known threatening URLs to a targeted person via email. Emails from imposters, however, rely on social engineering and on busy, tired or distracted employees to get through. Typically, the attacker impersonates a top executive of the company, such as the CEO, based on the assumption that the target will be reluctant to challenge a CEO on a request, such as a wire transfer of money.
Vigilant employees are an important line of defence against these spoof emails. They are better equipped to analyse these incoming emails, determine if they are legitimate. If they are found to be real threats, the vigilant employees can thwart them.
Common Threats and Viruses in Email Security
Email protection refers to technology designed to prevent, detect and respond to cyber attacks delivered through email. The term covers everything from email gateway systems to user behaviour to related support services and security tools. Effective email protection requires not only the selection of the right products—with the required capabilities and configurations—but also having the right procedures in place.
Email protection is critical to safeguarding users, systems and data. According to Verizon’s 2020 Data Breach Investigations Report, social actions, such as credential phishing, arrived through email 96% of the time.1 Malware attacks used to consist of indiscriminate, high-volume campaigns against large numbers of targets. They have since evolved into a combination of more sophisticated and targeted techniques. To achieve their goals, today’s attackers are constantly changing their tactics.
Common email security controls, such as standard, reputation-based, anti-spam and signature-based antivirus, are fine for widespread attacks and scam campaigns. But they’re not good enough for protection against more targeted, sophisticated and advanced attacks. Effective email protection requires a people-centric approach.
Here are some common types of email threats:
- Malicious email attachments. Cyber criminals may have evolved their attack methods, but some of the old methods, such as malicious attachments, still succeed. Malicious attachments can come in the form of executable files, weaponized documents (such as Microsoft Word files with a malicious macro) and malicious code hidden inside other file type.
- Malicious URLs. Cyber attackers will often include a URL that links to web-hosted malware.
- Business email compromise (BEC). This type of attacks relies on social engineering to trick the recipient into taking action—wiring money, sending sensitive information, and more.
- Email account compromise (EAC). One of the most effective approaches for attackers is to take over a legitimate email account. By gaining control of the right account, the intruder can move laterally within the victim’s network, steal data or scam business partners and customers.
Most email attacks involve some kind of identity deception, or impersonation. The attacker email may try to mimic the look of legitimate email through a range of phishing and spoofing techniques—or in the case of EAC by taking over a legitimate account. By posing as someone the recipient can trust, the attacker persuades the victim to open an attachment, click a link and more.
Gartner's Recommendations for Email Protection
Research firm Gartner published the Market Guide for Email Security in June 2019. In it, Gartner noted that the transition to cloud-based email systems should prompt organisations to adopt a continuous adaptive risk and trust assessment (CARTA) mindset for protecting their email systems from increasingly adaptive and sophisticated threats.
Gartner also urges organisations to get the most of their existing on-premise email systems by verifying and optimizing their capabilities and configurations. This kind of “gap analysis” will identify where such systems should be supplemented or replaced. To address gaps in existing security systems, Gartner recommends adding a cloud email protection supplement to your existing security if the existing systems cannot be completely replaced.
Gartner also recommends investing in end-user education and adopting new standard operating procedures to protect financial and other sensitive data transactions that are often the targets of impersonation-type attacks.2
Cloud Email Protection Vs. On-Premise Tools
Organisations first built and managed their IT systems just within the walls of their organisations—on-premises. As they migrated to the cloud, so too has their IT and email security.
By 2022, at least one major secure email gateway (SEG) vendor will reach “end of life” for its on-premises components, Gartner predicts in its “Market Guide for Email Security” report. In its report, Gartner also predicted that, by 2023, 65% of organisations will inspect their intradomain email traffic for advanced threats, which is a major increase from 7% in 2019.3
Some organisations with unique requirements will continue to keep SEG systems on-premises, due to unique privacy, data sovereignty, legal, and network design, Gartner stated. “[But] organisations that have migrated to cloud email and those that are planning a migration are overwhelmingly choosing cloud-delivered email security products.”
Most major cloud computing environments are highly secure. But the people who use them—your users—may not be. That why today’s cyber attacks have shifted away from infrastructure to people. And it’s why you must take a people-centric approach to email protection.