Email security is a significant and ongoing concern due to the widespread use of email for communication, both in personal and professional settings.
According to Proofpoint, a leading global security provider and the third-largest email scanning platform in the world, approximately 3.1 billion domain-spoofing emails are sent daily, and more than 90% of major cyberattacks are initiated by a single email.
The monetary impact that compromised emails have caused to the global economy is estimated to be $31 billion since 2016.
The size of the email security problem can be assessed through various factors:
Volume of emails – Billions of emails are sent daily, making it a prime target for cyberattacks. With such a massive volume, filtering out malicious emails and effectively protecting against threats becomes challenging.
Phishing attacks – Phishing emails are a major email security threat. Cybercriminals send fraudulent emails, often mimicking trusted entities, to trick recipients into revealing sensitive information or clicking on malicious links. Phishing attacks continue to evolve and become more sophisticated.
Malware distribution – Email is a common vector for distributing malware, such as viruses, ransomware, and trojans. These malicious attachments or links can compromise the security of individuals and organisations.
Data breaches – Email often contains sensitive information, making it a target for data breaches. When email accounts are compromised, it can lead to the exposure of personal or corporate data.
Spam – While not always as harmful as other threats, spam emails clog inboxes and can be a nuisance. Spam filters are necessary to reduce clutter, but they don’t catch everything.
Business email compromise – BEC attacks involve cybercriminals impersonating executives or employees within an organisation to manipulate others into making fraudulent transactions or revealing sensitive data. These attacks can result in significant financial losses.
Regulatory compliance – Many industries and regions have strict regulations regarding email security and the protection of sensitive data. Non-compliance can lead to legal consequences and fines.
Remote work and BYOD (Bring Your Own Device) – The rise of remote work and the use of personal devices for work-related tasks have introduced additional challenges for email security. Securing email access on various devices and networks is essential.
Advanced threats – Advanced persistent threats (APTs) and zero-day vulnerabilities are used by well-funded and highly skilled attackers to bypass traditional security measures, making email security even more challenging.
Human factor – Human error remains a significant contributor to email security issues. Clicking on suspicious links, falling for phishing scams, and using weak passwords are common mistakes that can compromise email security.
To address the size of the email security problem, organisations and individuals must employ a combination of technical solutions (e.g., email filtering, encryption, multi-factor authentication), cybersecurity best practices, and user education and awareness programs.
One new approach is to test a current email security system against another. To benchmark, you run another email security system in parallel and see how many bad emails the incumbent application had let through. In this way, it gives evidence of either a healthy system in situ or for the business the justification to make a change. But this ‘parallel’ running needs to be decided way before any existing system comes up for renewal for two reasons: firstly, the current contract might have a three-month termination clause, and secondly, any new system will need to start to learn your organisation’s email content so it can recognise normal patterns which in another organisation might look odd. Such tests work on cloud email services such as MS365 or any on-site systems.
The testing mechanism is an interactive web tool that produces an email threat readiness report and benchmarks against peers. The analysis highlights the volume of emails scanned, emails blocked by the current system, and emails the new system would have stopped.
The outcomes of the report are:
• Understand your risk posture and uncover threats that the current email security solution is missing
• Gain visibility into who is being targeted: Very Attacked People (VAPs)
• Run targeted security awareness training programs based on evidence
• Better protect the organisation with web and email isolation
These tools are quick to use, only five minutes to complete for the web version API, and they provide a full report with easy-to-implement tips to improve the organisation’s security program.
Obviously, the greater the volume of emails being received, the higher the percentage detected, but remember, it takes only one rogue email to get through to cause a mountain of grief!
Email security will continue to be a dynamic and evolving challenge as cyber threats and technology change over time. Given these factors, it’s clear that email security is a substantial and complex problem that requires ongoing efforts in education, technology, and policy implementation to mitigate risks and protect individuals and organisations from email-related threats.