Believe it or not, targeted and sophisticated email attacks are still the Number 1 threat resulting in cybersecurity breaches in the corporate world. According to a recent Gartner report, “through 2023, business email compromise (BEC) attacks will continue to double each year to over $5 billion and lead to large financial losses for enterprises.”
For many years, the Secure Email Gateway (SEG) has been a critical email security tool against email attackers. A Secure Email Gateway scans emails to determine whether they are phishing, spam, or malware. It either blocks, quarantines, or passes emails on to the email platform’s built-in security scan, all before they are delivered to their intended recipient.
However, as organizations move their email to the cloud (for example, Microsoft 365 or Gmail), the traditional Secure Email Gateway has become less reliable as a means to protect users from email-borne threats. In this blog post, we are going to look at 5 different areas that you need to pay special attention to when choosing the right email security solution to protect your organization.
1. Will Microsoft or Google’s built-in security be blocked?
When you deploy an external email gateway, you must put it on the server’s “Always Trust” list, which disables all built-in protections. If you do not disable the built-in Google or Microsoft protection, every single one of your inbound emails would fail authentication and be sent to the junk folder.
In cybersecurity, we know that layered security is better than a single layer. Both Microsoft 365 and Gmail include their own email security features for spam, phishing and malware protection. By implementing several independent layers, the likelihood of an attack coming through drops dramatically. While Microsoft and Google have their own vulnerabilities, it is better to augment them than disable them altogether.
2. Will the attacker bypass the email security gateway?
If you use Microsoft 365 or Gmail, you have two email domains. The first is your publicly available address, which is actually an alias for the second: the often overlooked “internal root domain address” that is maintained by Microsoft or Google. Attackers can simply bypass your gateway by sending email to your root domain address. Read more details in our blog post on how hackers can bypass your email security gateway.
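One way to check delivered mail for the bypass described above is to look at which address actually handed each message to the mail platform. This is an added example, not part of the original post; the address ranges, hostnames and sample messages are constructed assumptions.

```python
import email
import ipaddress
import re
from email import policy

# Assumptions (constructed values, not from the post): the address ranges used
# by the cloud mail platform's own relays and by your gateway's outbound hosts.
PLATFORM_NET = ipaddress.ip_network("198.51.100.0/24")
GATEWAY_NET = ipaddress.ip_network("192.0.2.0/28")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def boundary_ip(raw):
    """IP that handed the message to the platform, or None if not verifiable.
    Headers are read newest first and trusted only while every newer hop came
    from a platform address, so sender-forged headers are never consulted."""
    msg = email.message_from_string(raw, policy=policy.default)
    for value in msg.get_all("Received", []):
        from_part = " ".join(str(value).split()).split(" by ")[0]
        m = IP_RE.search(from_part)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None
        if ip is None:
            return None          # hop without a usable address: stop trusting
        if ip not in PLATFORM_NET:
            return ip            # first non-platform sender = boundary hop
    return None

def classify(raw):
    ip = boundary_ip(raw)
    if ip is None:
        return "unverified"
    return "via-gateway" if ip in GATEWAY_NET else "bypassed-gateway"

def sample(hops):
    """Constructed message: one Received header per (host, ip, by), newest first."""
    lines = [f"Received: from {h} ({h} [{ip}]) by {by} with ESMTPS" for h, ip, by in hops]
    return "\n".join(lines + ["Subject: constructed sample", "", "body"])

INTERNAL = ("edge1.cloudmail.example", "198.51.100.10", "mbx7.cloudmail.example")
VIA_GATEWAY = sample([INTERNAL,
    ("out3.seg.example.net", "192.0.2.5", "edge1.cloudmail.example")])
DIRECT = sample([INTERNAL,
    ("mail.sender.example", "203.0.113.9", "edge1.cloudmail.example"),
    ("out3.seg.example.net", "192.0.2.5", "relay.sender.example")])  # forged hop

if __name__ == "__main__":
    print(classify(VIA_GATEWAY), classify(DIRECT))
```

The second sample carries a gateway-looking header that the sender wrote itself; it is ignored because only the hops recorded by the platform are trusted.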
3. Will internal email be scanned?
According to Gartner, only 7% of organizations inspect their internal email. This is despite the fact that the last five years have seen a rise in internal threat actors: growing from 20% of corporate breaches in 2015 to 35% today. Worse, Email Account Compromise is now the fastest growing threat to cloud-based suites like Microsoft 365 and G-Suite, allowing external threat actors to send emails to anyone in your organization from a compromised inbox.
Traditional Email Security Gateways are designed to monitor inbound messages and are blind to internal emails. Even those with access to journal copies cannot prevent a malicious message from reaching the inbox.
4. Can the Email Gateway block a compromised email account?
In today’s business world, the insider threat is more than just email. Once the first account is compromised, an attacker does not need to use email in order to compromise others in your organization. They can utilize any of the other collaboration tools like OneDrive, Google Drive or Teams to attack other users.
While it is possible to identify a compromised account by monitoring email, a more complete and accurate method to detect a compromised account is to monitor user behaviour: from logins to chats, configuration changes to data downloads. This type of information is out of the reach of external email gateways.
5. Can the Email Gateway detect an impersonation attack?
Impersonation Business Email Compromise (BEC) attacks have overwhelmed the traditional email security providers because they don’t rely on URLs or malicious attachments to compromise a user. Instead, they use social engineering to convince the victim to wire money, send gift cards or turn over important information. With social tools like LinkedIn and Facebook, attackers now have more information about your organization’s social structure than your email security vendor.
Detecting impersonation email attacks requires understanding the context of the conversational history between internal users, for example, nicknames, typical conversational styles and previous email chains.
Protecting cloud-based email like Microsoft 365 or Gmail requires more than just monitoring inbound emails. If you are using, or just considering, an email security solution, check these areas and see how each solution you are considering performs. Blair Technology Solutions provides best-in-class email security tools and cybersecurity awareness programs to help you fight security attacks and build cyber resilience. Contact us to schedule a demo.