IT Focus Area: security
July 14, 2020
Level Up! How Effective Is Your Email Security Strategy?
We all use email to communicate in and out of the office every day. It also happens to be where your business network is most vulnerable to malicious attacks. New, smarter attack schemes are being launched every day, and keeping your protections up-to-speed can be a challenge, leaving you vulnerable.
The ease of use and cost-efficiency of Office 365 still reigns supreme. More and more organizations continue to lean on O365 for consistency and fast response capability. However, Microsoft’s Advanced Threat Protection (ATP) is not included with an E1 or E3 subscription, and the level of protection those subscriptions do provide isn’t very comprehensive. Adding ATP can be done at $2/user/month, or by upgrading to E5 at $35/user/month. Third-party solutions will generally be less expensive and are typically more effective at identifying email threats before and after email delivery.
Recent research by an email security vendor showed that Microsoft can take up to 250 days to create and push signatures for new credential phishing campaigns.
Business pressures encourage vendor/manufacturer consolidation wherever possible, but the reality is that single-vendor platforms often lack technical depth and breadth to address modern email security concerns. Many businesses have realized, often through painful experience, that a layered, defense-in-depth approach to email security is necessary to prevent, detect and respond to email threats.
How to evaluate your email security program
How are you evaluating your current email security strategy to understand any gaps that may exist? We suggest understanding your email security practices through the following three lenses:
1. Technical level
What is your advanced threat detection capability at the technical level? To answer this question, you'll need to answer several others:
- How many credential phishing messages are you catching?
- How many malware messages are you catching?
- How many business email compromise (BEC) messages are you catching?
- How do you know what is currently being missed?
- Do you have protections in place to identify and block email impersonation across your entire email ecosystem (including partners and customers)?
- How many complaints do you get from users related to spam and threats?
If the answer is too many, evaluate your current email security practices to identify opportunities for reducing organizational risk.
2. Operational level
At the operational level, rapid detection and response are everything. Consider how well your program is performing in this area by answering the following questions:
- How long does it take for users to report a suspicious message after it’s delivered?
- How long does it take you to triage those reports?
- How long does it take you to validate whether a reported message is a threat?
- How long does it take you to track down every instance of that message across the organization and remove them from inboxes?
- Can you track whether or not users interacted with that message’s payload?
Many vendors can’t keep up with how quickly these new advanced threats are emerging, putting your data, intellectual property and users at stake. When a vendor falls short of providing continuous evolving threat protection, you essentially have three options:
- Replace the solution—which can be expensive
- Wait until the vendor catches up—which is dangerous
- Add an additional solution that sits on top of your current solution—which is generally the direction taken, but not a perfect solution necessarily
The right option for your security strategy is going to depend on your organization’s unique needs and use cases. Evaluating the effectiveness of your current email security solution against your needs can be difficult. In this case, it’s recommended to work with a solution provider with the skills and expertise to design an integrated email security strategy that can protect your organization at the most vulnerable threat vector.
3. Awareness Level
In today’s email-dominated threat landscape, educating your people is crucial to minimizing your business’s susceptibility to threats.
- Are employees educated on how to avoid falling into a phishing or malware trap?
- How do you test them?
- How often do you test them?
- Are they trained to follow best practices when sending or opening an email?
- Do you track and analyze user behavior to identify when an account may be compromised?
Implementing and maintaining ongoing education is an important step in establishing longterm success for an email security program.
Assess and correct security gaps
Email as a threat vector is responsible for the vast majority of data breaches over the past several years. Focusing on email as a strategic security initiative will reduce risk across your organization.
To build a better email security program, begin with a comprehensive assessment of your current state. Understanding and correcting gaps in your protection strategy, operational capabilities and employee education will greatly reduce the likelihood of a data breach.