What Is Email Protection?

Email Protection is a combination of security technology deployment and the training of employees, associates, customers and others in how to guard against cyber-attacks that infiltrate your network through email.

Common email threats by cyber attackers usually include sending malicious attachments or known threatening URLs to a targeted person via email. Emails from imposters, however, rely on social engineering and on busy, tired or distracted employees to get through. Typically, the attacker impersonates a top executive of the company, such as the CEO, based on the assumption that the target will be reluctant to challenge a CEO on a request, such as a wire transfer of money.

Vigilant employees are an important line of defense for protecting email against these spoof emails. They are better equipped to analyze these incoming emails, determine if they are legitimate. If they are found to be real threats, the vigilant employees can thwart them.

Email protection refers to technology designed to prevent, detect and respond to cyber-attacks delivered through email. The term covers everything from gateways email systems to user behavior to related support services and security tools. Effective email security requires not only the selection of the right products—with the required capabilities and configurations—but also having the right procedures in place.

Email protection is critical to safeguarding users, systems and data. According to Verizon’s 2020 Data Breach Investigations Report, social actions, such as credential phishing, arrived through email 96% of the time.^[1]  Malware attacks used to consist of indiscriminate, high-volume campaigns against large numbers of targets. They have since evolved into a combination of more sophisticated and targeted techniques. To achieve their goals, today’s attackers are constantly changing their tactics.

Common controls for protecting email, such as standard, reputation-based, anti-spam and signature-based antivirus, are fine for widespread attacks and scam campaigns. But they’re not good enough for protection against more targeted, sophisticated and advanced attacks. Effective email protection requires a people-centric approach.

Here are some common types of email attacks:

• Malicious email attachments: Cyber criminals may have evolved their attack methods, but some of the old methods, such as malicious attachments, still succeed. Malicious attachments can come in the form of executable files, weaponized documents (such as Microsoft Word files with a malicious macro) and malicious code hidden inside other file type.
• Malicious URLs: Cyber attackers will often include a URL that links to web-hosted malware.
• Business email compromise (BEC): BEC is a type of attack that relies on social engineering to trick the recipient into taking action—wiring money, sending sensitive information, and more.
• Email account compromise (EAC): EAC is one of the most effective approaches for attackers is to take over a legitimate email account. By gaining control of the right account, the intruder can move laterally within the victim’s network, steal data or scam business partners and customers.

Most email attacks involve some kind of identity deception, or impersonation. The attacker email may try to mimic the look of legitimate email through a range of phishing and spoofing techniques—or in the case of EAC by taking over a legitimate account. By posing as someone the recipient can trust, the attacker persuades the victim to open an attachment, click a link and more.

Research firm Gartner published the Market Guide for Email Security in June 2019. In it, Gartner noted that the transition to cloud-based email systems should prompt organizations to adopt a continuous adaptive risk and trust assessment (CARTA) mindset towards protecting their email systems from increasingly adaptive and sophisticated threats.

Gartner also urges organizations to get the most of their existing on-premise email systems by verifying and optimizing their capabilities and configurations. This kind of “gap analysis” will identify where such systems should be supplemented or replaced. To address gaps in existing security systems, Gartner recommends adding a cloud email security supplement to your existing security if the existing systems cannot be completely replaced.

Gartner also recommends investing in end-user education and adopting new standard operating procedures to protect financial and other sensitive data transactions that are often the targets of impersonation-type attacks.^[2]

Organizations first built and managed their IT systems just within the walls of their organizations—on-premises. As they migrated to the cloud, so too has their IT security.

By 2022, at least one major secure email gateway (SEG) vendor will reach “end of life” for its on-premises components, Gartner predicts in its “Market Guide for Email Security” report. In its report, Gartner also predicted that, by 2023, 65% of organizations will inspect their intradomain email traffic for advanced threats, which is a major increase from 7% in 2019.^[3]

Some organizations with unique requirements will continue to keep SEG systems on-premises, due to unique privacy, data sovereignty, legal, and network design, Gartner stated. “[But] organizations that have migrated to cloud email and those that are planning a migration are overwhelmingly choosing cloud-delivered email security products.”

Most major cloud computing environments are highly secure. But the people who use them—your users—may not be. That why today’s cyber-attacks have shifted away from infrastructure to people. And it’s why you must take a people-centric approach to email protection.

[1] Verizon. “2020 Data Breach Investigations Report.”
[2] Gartner. “Market Guide for Email Security.”
[3] Ibid.