Evaluating Cloud Email Security Solutions
Published 07/18/2023
Originally published by Abnormal Security.
Written by Mick Leach.
Email is a significant target for attackers, primarily because it’s used by every member of an organization—from employees and executives to vendors and customers. The information exchanged through email can range from casual conversations to highly sensitive data. And with the emergence of public cloud services, access to an email account provides a gateway to critical business applications.
Additionally, a growing number of organizations have transitioned from on-premises email systems like Microsoft Exchange to cloud-based email platforms like Microsoft 365 and Google Workspace. This change has helped organizations increase productivity as they shift to a remote-first or hybrid work environment.
However, the cybersecurity risks of cloud email require a new type of defense—one that is different from traditional anti-malware and secure email gateway (SEG)-based protection.
In this article, we’ll explore the security challenges of cloud email, the evolution of cloud email security, and a few key things to know when evaluating cloud email security solutions.
Major Challenges of Securing Cloud Email Environments
Despite the many commercial cybersecurity solutions available to protect endpoints, systems, and data, malicious actors continue to succeed when attacking email services. In fact, it is not controversial to suggest that virtually every major cyberattack that has occurred in the past few years has involved some type of exploitable weakness in an email account or the improper use of email by some unsuspecting victim as part of the attack path.
With this in mind, below are the major security challenges that businesses of all sizes, types, and sectors must understand before making decisions about their email platform. These challenges are not theoretical but rather emerge based on more than a decade of serious global incidents—ranging from email mishandling by political operatives to phishing weaknesses that led to major enterprise breaches.
- Financial Loss Risk: The potential for direct financial loss to institutions, enterprises, and even individuals is high with respect to email security threats such as business email compromise (BEC).
- Access Risks: Email threats create the potential for an attacker to gain access to targeted networks and systems by compromising the email accounts of authorized individuals.
- Third-Party Risks: The risk of suppliers, partners, and other third parties being directly or indirectly compromised through email has grown, impacting the security of the entire enterprise organization.
- Disclosure Risks: Sensitive customer or employee information can be lost, stolen, or leaked through public cloud email systems whenever explicit controls are not present to prevent it.
- Integrity Risks: Information and email attachments can be modified, adjusted, or corrupted by individuals and groups with unauthorized access to the cloud email environment.
- Disruption Risks: The blocking or disruption of an important workflow or business process step is also a major concern and can be achieved by using fake emails to corrupt processes such as a funds transfer.
These cybersecurity challenges are significant because they remain present in most contexts, despite the many years of experience enterprise teams have in dealing with email risk. Obviously, new tools are required to address this persistent cyber risk.
The Third Generation of Cloud Email Security
Traditional email security practices have focused on filtering malicious content from inbound emails. First-generation solutions primarily removed attachments that contained malware or viruses, and this evolved into second-generation secure email gateway (SEG) systems. The use of the SEG was an important step forward in protecting email, but it has proven insufficient for most enterprise email risks in recent years as the threat landscape has changed.
To understand the third and current generation of email security, it is helpful to recognize that attacks have become even more sophisticated since the introduction of the SEG.
Threat actors have moved to highly advanced spear phishing and business email compromise attacks, which use social engineering tactics to impersonate high-profile executives, business associates, and vendors. Traditional first- and second-generation email security solutions are incapable of handling the intensity of this threat—particularly when these emails are text-based without traditional indicators of compromise.
What makes the third generation particularly useful is that organizations can choose to combine it with existing SEGs to augment protection or remove the SEG entirely and rely on the behavioral AI platform for protection. By doing so, security teams have flexibility with both budget and team bandwidth to determine which approach works best for their unique situation and end users.
While our present generation of email security has advanced considerably during the transition from early data center-hosted email to modern cloud-based email infrastructure, many organizations still lag in this transition. Therefore, they must begin to implement third-generation protection in order to stay secure against modern email attacks.
Cloud Email Security Solution Essentials
To assist with the evaluation process for cloud email security platforms, it helps to identify key functional requirements that connect with the most common enterprise use cases. The following requirements are not a complete list, but rather serve as a starting point for locally tailored objectives:
1. Support to tailor detection to local conditions.
Each enterprise has a different network and set of assets that dictate different types of email security risks. A nuclear power company, for example, will have different email risks than an accounting firm. While most cloud-based security tools are industry-agnostic, security leaders should ensure that the vendor can meet their needs.
2. Must include third-party risk reduction.
Significant email security risks emerge from supply chain and partner channels. This is especially true for smaller organizations that may not have their own security teams or protection controls. Therefore, cloud email security solutions should have capabilities to address both internal and external threats.
3. Must shift both left and right.
Many security solutions focus on pure response to threats under the assumption that they are unavoidable. Good security platforms will actively try to prevent email threats before they occur, using machine learning to detect malicious emails that contain never-before-seen URLs or other indicators.
4. Dwell time for email threats must be addressed.
Modern cyberattacks often involve long dwell times for installed malware. Email security platforms should be cognizant of the techniques and tactics used in advanced persistent threats and have integration partners that can remediate them immediately.
5. Behavioral analytic support is required.
Detection algorithms need to take user behavior into account. Biometrics in general offer excellent context for recognizing many types of advanced attacks and can be key to understanding when an internal user account has been compromised so it can be remediated immediately.
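The text-based executive impersonation described earlier (spear phishing and BEC without traditional indicators of compromise) and the behavioral context called for in requirement 5 come together in the kind of check below. It is an added illustration, not code from Abnormal Security or from the buyer's guide: it compares a message's display name against an assumed executive directory, looks for lookalike and mismatched reply-to domains, and treats financial urgency from a sender the recipient has never corresponded with as a behavioral anomaly. The organization domain, the executive directory, the per-recipient known-sender baseline and the three sample messages are all constructed for the example.

```python
"""Added example: behavioral impersonation checks for inbound mail.
Not Abnormal Security's code; every domain, name and message is constructed."""
from dataclasses import dataclass
from difflib import SequenceMatcher
import re

ORG_DOMAIN = "example-corp.com"  # assumed tenant domain

# Assumed directory of high-profile identities attackers tend to impersonate.
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}

# Assumed per-recipient baseline: addresses the user has exchanged mail with before.
KNOWN_SENDERS = {
    "pat.lee@example-corp.com": {"jane.doe@example-corp.com", "billing@vendor.example"},
}

# Financial-urgency vocabulary typical of BEC lures (constructed, deliberately small).
URGENCY_TERMS = re.compile(r"\b(urgent|wire|transfer|gift cards?|immediately)\b", re.I)


@dataclass
class Message:
    display_name: str
    from_addr: str
    to_addr: str
    reply_to: str
    subject: str
    body: str


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def is_lookalike(domain: str, target: str = ORG_DOMAIN) -> bool:
    """Close-but-not-equal domain (a swapped or added character), a common BEC trick."""
    if domain == target:
        return False
    return SequenceMatcher(None, domain, target).ratio() >= 0.85


def assess(msg: Message) -> list[str]:
    """Return human-readable findings; an empty list means nothing anomalous."""
    findings = []
    sender_domain = domain_of(msg.from_addr)

    # Display name belongs to an executive but the address is not theirs.
    exec_addr = EXECUTIVES.get(msg.display_name.strip().lower())
    if exec_addr and msg.from_addr.lower() != exec_addr:
        findings.append("display-name impersonation of executive")

    if is_lookalike(sender_domain):
        findings.append(f"lookalike sender domain {sender_domain}")

    # Replies silently redirected to a different domain than the visible sender.
    if msg.reply_to and domain_of(msg.reply_to) != sender_domain:
        findings.append("reply-to domain differs from sender domain")

    # Behavioral baseline: urgency plus a sender this recipient has never seen.
    first_contact = msg.from_addr.lower() not in KNOWN_SENDERS.get(msg.to_addr.lower(), set())
    urgent = bool(URGENCY_TERMS.search(msg.subject + " " + msg.body))
    if first_contact and urgent:
        findings.append("financial urgency from a never-before-seen sender")
    return findings


def verdict(msg: Message) -> str:
    return "suspicious" if assess(msg) else "clean"


# Constructed sample traffic: one legitimate note and two impersonation attempts.
LEGIT = Message("Jane Doe", "jane.doe@example-corp.com", "pat.lee@example-corp.com",
                "", "Q3 numbers", "Please review the attached deck.")
BEC = Message("Jane Doe", "jane.doe@freemail.invalid", "pat.lee@example-corp.com",
              "ceo.desk@replies.invalid", "Urgent", "I need you to wire $48,000 immediately.")
LOOKALIKE = Message("Jane Doe", "jane.doe@examp1e-corp.com", "pat.lee@example-corp.com",
                    "", "Invoice", "Please process the transfer today.")

if __name__ == "__main__":
    for label, m in (("legit", LEGIT), ("bec", BEC), ("lookalike", LOOKALIKE)):
        print(f"{label}: {verdict(m)} {assess(m)}")
```

None of these signals is a URL, hash or attachment, which is the point of the passage: the detections rest on identity, relationship history and message intent, so a gateway that only scans for known-bad content has nothing to match against. In a real deployment the executive directory would come from the identity provider and the known-sender baseline from observed mail flow over time.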
Selecting a Cloud Email Security Solution
Understanding the primary security challenges associated with cloud email, the advantages of third-generation email security technology, and the key functional requirements for cloud email security platforms can help businesses of all sizes make more impactful decisions about their security infrastructure.
For even more advice and insights as well as additional factors to consider as you assess your email security capabilities, download the Enterprise Buyer’s Guide for Cloud Email Security Solutions. The guide explores cyber risks that are not addressed by cloud email providers’ native security, requirements to include in your security planning, and questions to ask providers of modern cloud email security solutions.