Vendor Showcase:
Six questions with Sudeep Venkatesh, Chief Product Officer, Egress
1
How has the email security landscape transformed in the last decade and what are the key challenges faced today?
The email security landscape has changed massively over the last decade – driven by both digitalisation and the change in the way we use email, and by the ever-increasing sophistication of targeted attacks by cybercriminals. Email is the most popular business communication tool for employees – especially after such a sustained time of remote working – and 80% use it to share confidential information. This usage has widened the surface area for risk of inadvertent loss and people breaking the rules and taking risks when sharing data. Additionally, people are targeted daily by sophisticated phishing and impersonation attacks that can be incredibly difficult to employees to spot on their own. Email security technology has had to innovate and adapt to mitigate these risks. Traditional technologies that rely solely on static rules and policies simply can’t adapt to the changes in user behaviour that can lead to data loss or detect attacks unless they’ve been pre-programmed. Instead, organisations are turning to advanced solutions that use intelligent technologies, like contextual machine learning, to actually mitigate risk and prevent breaches.
10
2
With email security solutions being a high priority for organisations, why is email phishing still responsible for 91% of the breaches?
For two reasons. The first is that people will always be vulnerable to making mistakes – such as replying to spear phishing emails or clicking on malicious links. If you’re tired, busy, stressed and you see an email that for all intents and purposes seems like it comes from your CEO or CFO, there’s every chance you’re going to do what is being requested and move onto your next task without realising you’re causing a breach of security. We can’t train human error away, so we have to turn to technical solutions. Which brings us to the second reason: traditional solutions haven’t been successful in preventing people from falling victim to these attacks. Unlike advanced technologies, they’re not able to respond dynamically to the changing threat – for example, as a user goes to respond to a phishing email with the CEO’s correct display name but sent from ceo@ connpany.com, not ceo@company.com. If nothing else about the email triggers a static rule, they won’t be able to intelligently detect the threat and provide a meaningful prompt to the user, essentially flagging ‘this isn’t the person you think it is!’.
SECON CYBER
