It’s well known that email is one of the most important attack vectors for corporate systems, but how do you keep up with attack developments? Mike Puglia offers some advice…
Since email was first developed in 1971, it has become increasingly critical to business operations. Today, bad actors are utilising its importance to gain access to critical systems, compromise data and threaten organizational infrastructures. The first cyber attack via email occurred in 1988, using a computer at MIT to infect systems at Berkeley, Harvard, Princeton, Stanford, Johns Hopkins, NASA and the Lawrence Livermore National Laboratory, with growing proliferation of cyber attacks in the following years. The Anti-Phishing Work Group reports there were one million phishing attacks in the first half of 2022 alone. For enterprises, this is verging on an emergency – and it underlines the pressing need to choose the right email security solution.
Why built-in security is not enough
Built-in or native email security tools such as Microsoft Defender and Google Workspace Security are generally included with email platforms and can reduce upfront security costs. But these applications have their limitations. They fail to consider businesses’ individual needs and importantly, they may not catch all threats. These tools, while providing basic defence / defense, also lack robust support and have inadequate security management features.
There are two types of email security solutions that provide an additional level of protection against malicious threats: cloud-based and on-premises. Cloud-based email security solutions keep pace with the flexible and scalable nature of the cloud, while on-premises solutions limit security measures and resources to physical office locations. To date, nearly half of all organizations have migrated to cloud-based email security thanks to the advantages this approach offers.
With cloud-based email security, dependence on internal security capabilities or a physical server is eliminated. In addition, cloud-based solutions do not require regular maintenance, upgrades or costly hardware replacements.
Artificial intelligence can greatly improve email security
Email security tools are comprised of secure email gateways (SEGs) and API-based email security. SEGs essentially place a virtual checkpoint between malicious incoming messages and a company’s email server. They are customisable to suit various organizational structures and processes, but they do depend on updated threat intelligence. Moreover, screening processes within SEGs may delay the receipt of incoming emails and the gateway often requires maintenance and configuration.
API-based email security tools, on the other hand, are designed to detect and diminish threats without delaying email traffic. They generally provide IT departments with more control and insight into the protection of their cloud-based infrastructure. These tools contain more automation capabilities than SEGs, require less maintenance and allow more seamless integration with cloud applications to maximise their effectiveness.
The addition of artificial intelligence (AI) into these security tools can further augment the protection provided, with the AI engine operating behind the scenes. It’s a field that is seeing a continuous influx of new solutions that include stronger defence against cyber attacks, increased cyber resilience and lower payroll costs. By empowering computers to act autonomously and take care of routine tasks without the need of human intervention, AI can spot cyber security threats that humans can’t, respond to breaches faster and save businesses the cost of manual security processes.
Not only is automated security up to 40 percent more effective at stopping malicious messages than a SEG or conventional security, AI-driven solutions are also much more likely to recognise a zero-day threat than conventional security tools because of their constant collection and analysis of fresh threat intelligence.
Since AI doesn’t rely on threat reports to detect vulnerabilities, AI-enabled tools can find clues fast, leading to the early detection of threats to prevent the attack. This is important when you consider that Google estimates that 68% of phishing attacks can be classified as zero-day attacks.
How to choose a solution
When looking for an email security solution that works for your organization, first ask yourself two questions:
- Does the AI solution place prominent warning banners on unexpected messages that require extra attention?
- Does the solution provide a way to quickly stop an attack in its tracks?
Once you’ve answered “yes” to these basic questions, there are also other factors to consider in a solution with AI:
- Does the solution have a built-in self-learning algorithm that is able to learn on its own without human intervention? It should gather threat data and automatically learn how to spot undetected threats and constantly improve its accuracy based on performance analysis to make tailored protection adjustments based on your company’s specific communication patterns.
- Does the tool feature thorough message system analysis to scrutinise content, spot phishing attempts and potential cyber threats? A tool that efficiently analyses the entire message to identify attacks means you can forget about old-fashioned blacklists and safe sender lists.
- What is the false positive rate? Effective solutions produce minimal false positive rates and eliminate the need for repeated threat database updates, allowing IT professionals to focus on what’s important to them instead of chasing false positives.
- Does the solution protect users from human error by reliably spotting and stopping phishing messages before they reach a user’s inbox? This added layer of protection ensures that malicious emails are not inadvertently opened: The best way to prevent employees from making a bad decision about a phishing message is to prevent that phishing message from reaching their inbox in the first place.
The good news is that advanced and effective alternatives to native email security tools are now available. These new solutions combine secure gateways, API-based security and AI functionality into one powerful layer of defence, providing reliable protection against some of today’s nastiest threats including spear phishing, business email compromise, and ransomware. They give organizations the ability to tailor their email protection to their unique business needs – drastically improving email security without adding an administrative burden.
Mike Puglia is Chief Strategy Officer & GM, Security Products, Kaseya. Mike Puglia brings over 20 years of technology, strategy, sales and marketing experience to his role as Kaseya’s chief strategy officer and general manager of security products.