Vendor Showcase

Six questions with Sudeep Venkatesh, Chief Product Officer, Egress

1. How has the email security landscape transformed in the last decade and what are the key challenges faced today?

The email security landscape has changed massively over the last decade – driven by both digitalisation and the change in the way we use email, and by the ever-increasing sophistication of targeted attacks by cybercriminals. Email is the most popular business communication tool for employees – especially after such a sustained time of remote working – and 80% use it to share confidential information. This usage has widened the surface area for risk of inadvertent loss and people breaking the rules and taking risks when sharing data. Additionally, people are targeted daily by sophisticated phishing and impersonation attacks that can be incredibly difficult for employees to spot on their own.

Email security technology has had to innovate and adapt to mitigate these risks. Traditional technologies that rely solely on static rules and policies simply can’t adapt to the changes in user behaviour that can lead to data loss or detect attacks unless they’ve been pre-programmed. Instead, organisations are turning to advanced solutions that use intelligent technologies, like contextual machine learning, to actually mitigate risk and prevent breaches.

2. With email security solutions being a high priority for organisations, why is email phishing still responsible for 91% of the breaches?

For two reasons. The first is that people will always be vulnerable to making mistakes – such as replying to spear phishing emails or clicking on malicious links. If you’re tired, busy, stressed and you see an email that for all intents and purposes seems like it comes from your CEO or CFO, there’s every chance you’re going to do what is being requested and move on to your next task without realising you’re causing a breach of security. We can’t train human error away, so we have to turn to technical solutions.

Which brings us to the second reason: traditional solutions haven’t been successful in preventing people from falling victim to these attacks. Unlike advanced technologies, they’re not able to respond dynamically to the changing threat – for example, as a user goes to respond to a phishing email with the CEO’s correct display name but sent from ceo@connpany.com, not ceo@company.com. If nothing else about the email triggers a static rule, they won’t be able to intelligently detect the threat and provide a meaningful prompt to the user, essentially flagging ‘this isn’t the person you think it is!’.

3. Why do organisations need email encryption with data loss prevention being in place?

The first step is making sure that an email is being sent to the correct recipient(s) with the right documents attached – that’s the data loss prevention. Prevention alone, however, isn’t enough to keep data secure at all times.

Sensitive data, like personal information or corporate IP, must be encrypted as it’s shared via email. This protects it from interception during transmission, and with message-level encryption, you’re able to control what recipients can do with the information that’s shared with them, such as preventing them from forwarding emails or printing sensitive data, and exposing it to unauthorised access. This is incredibly important for data controllers’ compliance with regulations like GDPR. One-fifth (18%) of organisations’ email data loss incidents originate within their supply chain, so it’s critical to take the necessary steps to ensure data is handled correctly at all times.

4. Organisations are primarily concerned about external email hacking. Should they worry about their internal users, and why?

Yes. Insider risk is the biggest security threat that organisations face on a daily basis. Hacks hit the headlines, particularly if, as we’ve seen in recent weeks, they’re highly politicised. And of course, they can be incredibly damaging.

However, insider data breaches happen with much higher frequency – in fact, research shows an outbound email data breach occurs every 12 working hours per organisation. The incidents covered by this research include misdirected emails, attaching the wrong files, replying to spear phishing attacks, not using Bcc, not encrypting sensitive data, and intentional exfiltration. While email is the largest risk vector when we consider firstly how people prefer to share data and secondly how attackers prefer to target them, these findings don’t cover other ways data can be inadvertently and intentionally leaked. Remote working, for instance, has led to an increase in digital communication across the board – not just for email, but also use of everything from Teams and WhatsApp to video conferencing. Each channel amplifies insider risk and opens organisations up to a breach if they’re not appropriately secured.

5. With Business Email Compromise being on the rise, how can organisations combat this challenge to protect their brand?

BEC attacks are successful because they originate in human error – an employee is the victim of an attack in which they disclose their credentials and their account becomes compromised. As we touched on before, the approach to mitigating this risk also includes training and awareness about issues like safeguarding credentials and only entering them into approved, company-owned systems/applications, as well as good password security, such as not reusing passwords. This education and awareness must then be combined with advanced solutions that can intelligently detect the original attack before human error comes into play – because as we know, people will always make mistakes.

Should an incident be identified, organisations then need to ensure they swiftly conduct forensic breach analysis to determine the extent of the incident so they can fully remediate it, as well as ensure employees are forced to change their passwords to stop the same leaked credentials leading to further incidents.

6. How do organisations that operate on a business-to-consumer model face the challenges caused by email encryption?

Recipient friction has always been a problem with traditional approaches to email security because they take a one-size-fits-all approach to authentication, regardless of how trusted the recipient is, the sensitivity of the data being shared and the context in which it’s being shared. Again, contextual machine learning can solve this problem. It can assess the risk to data in real time, reducing authentication friction where the risk is low – for example, a trusted recipient authenticating from a known IP address for data of low sensitivity – and dynamically dial that friction up should any factor increase the risk profile or if the data is more sensitive in nature, including enforcing multi-factor authentication.
