7 Email Security Challenges Caused by Legacy Technology
As organizations have migrated to cloud-based infrastructure and office platforms like Microsoft 365 and Google Workspace, they’ve seen clear benefits: easier collaboration, greater agility, and lower costs and maintenance related to infrastructure.
However, many enterprises are still struggling to secure their data and minimize their exposure in a cloud-based environment—particularly with respect to email-borne attacks. For the last seven years, socially-engineered attacks including business email compromise (BEC) have been the leading cause of cybercrime losses, and that trend is only expected to continue.
The Need for Cloud Email Security
Email remains a primary attack vector—partially due to its ease of access and also because modern threat actors can utilize tactics that enable them to bypass traditional email security solutions like secure email gateways (SEGs).
In a recent survey of 300 security leaders:
92% of respondents had experienced at least one email-related security incident within the past year.
78% of stakeholders believe that SEGs are largely incapable of protecting modern cloud email environments.
79% of respondents think the native security capabilities of cloud email solutions like Microsoft 365 offer insufficient protection on their own.
Knowing that email-based attacks are increasing both in volume and severity and that their current solutions cannot stop them, many organizations are looking for new approaches to cloud email security. But before making any changes, it’s important to first understand how the existing technology is falling short.
Taking the time to learn about the shortcomings of legacy email systems and how they can impact your business is essential. Once you understand the problem, it’s easier to choose the right solution. Below are seven common obstacles security teams face as a result of inadequate email security solutions.
Common Email Security Challenges
Enterprises that rely on legacy email security solutions or even the newest generation of API-based products encounter various challenges due to shortcomings within the technology itself.
1. Detection Approach Lacks Internal Organizational Context
Traditional email security solutions aren’t built to analyze internal east-west email traffic between employees. They can’t ingest signals across users' identity and behavior—such as the device used, sign-on location, or authentication method—to inform their detection approach.
This means these platforms are unable to build an organizational baseline of normal business behavior to precisely detect anomalies. And when an email security solution can’t develop an organization-specific context for detection, security teams miss sophisticated lateral attacks that exploit trusted relationships between employees.
2. Security Team Lacks Visibility Into Supply Chain Risks
Legacy platforms don’t have the functionality to understand the nature of business relationships between vendors and employees or track communication frequency, invoice cadence, invoice format, or primary contacts. The solution effectively treats all communications with vendors the same, regardless of risk level.
As a result, it can’t alert security teams to signals about vendor account compromises that have impacted other enterprises. This allows attackers to infiltrate enterprises via weak links in the security posture of their vendors—defrauding employees into sharing sensitive data or paying fraudulent invoices.
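As an added example, not code from this article or from Abnormal's product, the following Python script shows what the organization-specific baseline described in items 1 and 2 looks like when reduced to its essentials. It learns, per vendor domain, the known sender and recipient addresses, the attachment format and the invoice cadence from a constructed message history, then scores a new message for deviations: a reply-to outside the vendor's domain, a request to change payment details, an off-cycle invoice, an unusual attachment type, and a look-alike vendor domain. Every address, domain and date is made up, and the thresholds (half the usual interval, edit distance of at most two) are assumptions to tune against your own data.

```python
from collections import defaultdict
from datetime import date
from statistics import median

# Constructed history of invoice emails from one vendor (not real data).
# Record: (received, sender, reply_to, recipient, attachment_type)
HISTORY = [
    (date(2023, 1, 3), "billing@acme-supplies.example", "billing@acme-supplies.example", "ap@corp.example", "pdf"),
    (date(2023, 2, 2), "billing@acme-supplies.example", "billing@acme-supplies.example", "ap@corp.example", "pdf"),
    (date(2023, 3, 1), "billing@acme-supplies.example", "billing@acme-supplies.example", "ap@corp.example", "pdf"),
    (date(2023, 4, 3), "billing@acme-supplies.example", "billing@acme-supplies.example", "ap@corp.example", "pdf"),
]

# Phrases that usually accompany a payment-diversion attempt (assumed list; extend from your own cases).
PAYMENT_CHANGE_TERMS = ("bank account", "new account", "updated banking", "wire instructions")


def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike vendor domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def build_baseline(history):
    """Per vendor domain: known senders, known recipients, attachment types,
    the median gap in days between invoices, and the date of the last one."""
    by_vendor = defaultdict(list)
    for rec in sorted(history):
        by_vendor[domain(rec[1])].append(rec)
    baseline = {}
    for vendor, recs in by_vendor.items():
        dates = [r[0] for r in recs]
        gaps = [(later - earlier).days for earlier, later in zip(dates, dates[1:])]
        baseline[vendor] = {
            "senders": {r[1].lower() for r in recs},
            "recipients": {r[3].lower() for r in recs},
            "formats": {r[4] for r in recs},
            "interval_days": median(gaps) if gaps else None,
            "last_seen": dates[-1],
        }
    return baseline


def score_message(baseline, received, sender, reply_to, recipient, attachment_type, body):
    """Return the deviations from the vendor baseline; an empty list means routine."""
    findings = []
    vendor = domain(sender)
    # Signals that need no baseline at all.
    if domain(reply_to) != vendor:
        findings.append("reply-to points outside the sender's domain")
    if any(term in body.lower() for term in PAYMENT_CHANGE_TERMS):
        findings.append("message requests a change to payment details")
    profile = baseline.get(vendor)
    if profile is None:
        near = [known for known in baseline if 0 < edit_distance(known, vendor) <= 2]
        findings.append(f"look-alike of known vendor domain {near[0]}" if near
                        else "first contact from this domain")
        return findings
    # Deviations from how this vendor normally invoices.
    if sender.lower() not in profile["senders"]:
        findings.append("new sender address at a known vendor")
    if recipient.lower() not in profile["recipients"]:
        findings.append("sent to a recipient this vendor has not invoiced before")
    if attachment_type and attachment_type not in profile["formats"]:
        findings.append(f"unusual attachment type {attachment_type}")
    if profile["interval_days"]:
        elapsed = (received - profile["last_seen"]).days
        if elapsed < profile["interval_days"] / 2:
            findings.append(f"invoice arrived {elapsed} days after the last one "
                            f"(typical gap {profile['interval_days']:.0f})")
    return findings


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    print(score_message(base, date(2023, 4, 12), "billing@acme-supplies.example",
                        "ceo.finance@freemail.example", "ap@corp.example", "docx",
                        "Our bank account has changed; please wire payment to the new account."))
```

The point of the example is that none of these signals depends on a malicious link or attachment: a message from the vendor's real address, with a real-looking invoice, still stands out because it arrived nine days into a thirty-day cycle with a reply-to on a free mail domain and a request to redirect payment. A gateway that only scans content has no way to reach that conclusion.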
3. Threat Detection Approach is Reactive Rather Than Proactive
Secure email gateways (SEGs) are designed to match known-bad indicators of compromise: malicious attachments, suspicious links, and untrusted domains or IP addresses. An attack that uses none of these, such as a plain-text payment or payroll request with no attachment or link, sent from a reputable sender or a legitimate but compromised account, matches no signature, so the SEG has nothing to block it on. That is why text-based and payloadless attacks routinely pass through.
This forces SOC teams into a reactive posture against evolving email-borne threats and creates a burden on them to constantly create and adjust rules and policies to block new attacks.
4. Email Threats Linger in Employee Mailboxes for Too Long
A traditional email security solution may warn employees of possible threats by adding banners to suspicious emails, but it ultimately relies on end users to take the right action. Additionally, the solution sends any potential threats to an analysis queue, where they must then be manually triaged by a security analyst.
Because such a platform receives a copy of each message through journaling rather than inspecting it in the delivery path, it can only make a detection decision after the message has already landed in the mailbox, and it remediates minutes or hours later. Attacks therefore dwell in inboxes while waiting for review by the security operations team, giving employees more time to open them and act on them.
5. Limited Ability to Detect Compromised Internal Email Accounts
Legacy solutions focus on detecting anomalies strictly within email content, not on user behavior. They have insufficient visibility into user identity and behavior attributes—such as impossible travel, new devices, new browsers, or new authentication methods—that can indicate a potentially hijacked email account.
The inability of the platform to automatically detect and disable compromised accounts necessitates manual review and intervention, which increases the risk of costly human error. These limitations also enable attackers to use hijacked email accounts as the tip of the spear and initiate additional attacks across the enterprise or move laterally across systems.
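As an added illustration of the identity and behavior signals this section describes, and not code from the article, here is a minimal Python implementation of the impossible-travel and new-device checks run over constructed sign-in events. The 900 km/h ceiling approximates airline speed and is an assumption; city coordinates, device identifiers and timestamps are made up. A user with no prior history has their first device enrolled silently, since there is no baseline to compare against yet.

```python
from collections import defaultdict
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900   # assumed ceiling: roughly airline cruising speed
MIN_DISTANCE_KM = 100     # ignore GeoIP jitter between two IPs in the same metro area

# Constructed sign-in events (not real logs): user, UTC timestamp, city, lat, lon, device id.
# Alice's 09:15 Lagos sign-in from an unseen device is the attacker; she is back in London by evening.
EVENTS = [
    ("alice@corp.example", "2024-03-04T08:02:00", "London", 51.5074, -0.1278, "dev-laptop-01"),
    ("alice@corp.example", "2024-03-04T09:15:00", "Lagos", 6.5244, 3.3792, "unknown-android"),
    ("alice@corp.example", "2024-03-04T17:40:00", "London", 51.5074, -0.1278, "dev-laptop-01"),
    ("bob@corp.example", "2024-03-04T07:30:00", "Berlin", 52.5200, 13.4050, "dev-laptop-07"),
    ("bob@corp.example", "2024-03-04T18:05:00", "Paris", 48.8566, 2.3522, "dev-laptop-07"),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points given in decimal degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def parse_utc(ts):
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def detect(events, known_devices=None):
    """Return (user, signal, detail) tuples for impossible travel between consecutive
    sign-ins and for devices a user has not signed in from before.
    known_devices maps user -> devices already trusted from earlier history."""
    seen = {u: set(d) for u, d in (known_devices or {}).items()}
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[0]].append(ev)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda ev: ev[1])  # ISO-8601 strings sort chronologically
        devices = seen.setdefault(user, set())
        prev = None
        for _, ts, city, lat, lon, device in evs:
            if device not in devices:
                if devices:  # only alert once a baseline of trusted devices exists
                    alerts.append((user, "new_device", f"{device} in {city}"))
                devices.add(device)
            if prev is not None:
                p_ts, p_city, p_lat, p_lon = prev
                km = haversine_km(p_lat, p_lon, lat, lon)
                hours = (parse_utc(ts) - parse_utc(p_ts)).total_seconds() / 3600
                # Two distant sign-ins in the same second are impossible too, so guard the division.
                if km > MIN_DISTANCE_KM and (hours == 0 or km / hours > MAX_PLAUSIBLE_KMH):
                    alerts.append((user, "impossible_travel",
                                   f"{p_city} -> {city}: {km:.0f} km in {hours:.1f} h"))
            prev = (ts, city, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Note what the two signals do together: the Lagos sign-in trips both checks, while Alice's later London sign-in from her usual laptop does not, because the eight-hour gap makes that leg physically possible. In production the device identifier would come from the mail platform's sign-in log and the coordinates from GeoIP, and the alert would feed the automated account-disable action the paragraph above says legacy tools lack.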
6. Legacy Technology Unable to Control Time-Wasting Email Effectively
Excessive promotional mail, also known as graymail, impacts productivity as employees must spend hours each week sorting these messages. This breeds inefficiencies and frustrations among employees who are forced to use quarantines and spam digests in a separate user interface to view relevant emails. It also burdens IT teams who must manually review and handle all user-reported issues.
Without effective graymail management, employees—particularly executives—lose days of productivity each year cleaning out their inboxes.
7. Cloud Email Platform Exposed to Unauthorized Access and Abuse
Traditional email security solutions take a narrow view that covers only inbound email attacks. Meanwhile, employees can often still sign in to their mailboxes over legacy authentication protocols such as IMAP, POP3, SMTP AUTH and Exchange ActiveSync with basic authentication, which accept only a username and password and therefore bypass multi-factor authentication (MFA). Security teams also have limited visibility into tenant settings and third-party application integrations (for example OAuth apps that have been granted mailbox access) that may expose the organization to additional risk.
By failing to address these additional potential vulnerabilities, the platform gives attackers the opportunity to gain access to corporate infrastructure through exposed entry points.
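The check a practitioner wants here is an inventory of which accounts still complete sign-ins over legacy protocols, so that those protocols can be blocked without breaking a scanner or a line-of-business mailbox that silently depends on them. The following Python is added as an example and is not the article's own code. The records are constructed; their field values are loosely modelled on the clientAppUsed and authenticationRequirement fields of Microsoft Entra ID sign-in logs, which is an assumption to confirm against your tenant's actual export. Only successful sign-ins count as use. Failed ones are reported separately, because a stream of failed IMAP or POP3 logons usually means password spraying rather than a mailbox that needs the protocol.

```python
from collections import defaultdict

# Protocols that authenticate with a username and password only and cannot satisfy an MFA challenge.
# Names follow Entra ID sign-in log clientAppUsed values (assumption; verify in your tenant).
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync", "Other clients"}

# Constructed sign-in records (not real logs):
# (user, clientAppUsed, authenticationRequirement, succeeded)
SIGNINS = [
    ("alice@corp.example", "Browser", "multiFactorAuthentication", True),
    ("alice@corp.example", "IMAP4", "singleFactorAuthentication", True),
    ("bob@corp.example", "Mobile Apps and Desktop clients", "multiFactorAuthentication", True),
    ("carol@corp.example", "Authenticated SMTP", "singleFactorAuthentication", True),
    ("carol@corp.example", "Authenticated SMTP", "singleFactorAuthentication", True),
    ("dave@corp.example", "POP3", "singleFactorAuthentication", False),   # failed: spray noise
    ("svc-scanner@corp.example", "Authenticated SMTP", "singleFactorAuthentication", True),
]


def legacy_auth_report(signins):
    """Summarise legacy-protocol usage from sign-in records.
    in_use: protocol -> accounts that successfully signed in with it (these break if you block it).
    single_factor_accounts: accounts that got in over a legacy protocol with a password alone.
    failed_probes: protocol -> accounts with failed legacy attempts, kept apart from real use."""
    in_use = defaultdict(set)
    failed = defaultdict(set)
    single_factor = set()
    for user, client, requirement, succeeded in signins:
        if client not in LEGACY_CLIENTS:
            continue
        if not succeeded:
            failed[client].add(user)
            continue
        in_use[client].add(user)
        if requirement != "multiFactorAuthentication":
            single_factor.add(user)
    return {
        "in_use": {p: sorted(users) for p, users in in_use.items()},
        "single_factor_accounts": sorted(single_factor),
        "failed_probes": {p: sorted(users) for p, users in failed.items()},
    }


def blocking_is_safe(report, protocol):
    """True when no account has recently succeeded over this protocol, so a block breaks nothing."""
    return protocol not in report["in_use"]


if __name__ == "__main__":
    report = legacy_auth_report(SIGNINS)
    for protocol in sorted(LEGACY_CLIENTS):
        users = report["in_use"].get(protocol, [])
        print(f"{protocol:20} safe to block: {blocking_is_safe(report, protocol)!s:5} still used by: {users}")
    print("single-factor accounts:", report["single_factor_accounts"])
    print("failed probes:", report["failed_probes"])
```

In this constructed data POP3 only shows a failed attempt against Dave, so it can be blocked immediately, while Authenticated SMTP is still used by Carol and a scanner service account that will need either an alternative (such as OAuth or a relay) or a documented exception before the block. Microsoft disabled basic authentication in Exchange Online for most of these protocols in 2022, with SMTP AUTH left as a per-mailbox setting, so in a Microsoft 365 tenant SMTP AUTH and any tenant-level exceptions are the first places to look.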
Making the Right Security Investment
Cloud email needs cloud email security. Every organization has different requirements, but there is a clear need for a solution that blocks the growing volume of socially engineered attacks and other malicious emails that slip past legacy solutions.
To learn more about cloud email security and how to select the right security partner, download The Essential Guide to Cloud Email Security.
See the Abnormal Solution to the Email Security Problem
Protect your organization from the full spectrum of email attacks with Abnormal.