7 Email Security Challenges Caused by Legacy Technology

Understanding common email security challenges caused by your legacy technology will help you determine the best solution to improve your security posture.

September 28, 2022

As organizations have migrated to cloud-based infrastructure and office platforms like Microsoft 365 and Google Workspace, they’ve seen clear benefits: easier collaboration, greater agility, and lower costs and maintenance related to infrastructure.

However, many enterprises are still struggling to secure their data and minimize their exposure in a cloud-based environment—particularly with respect to email-borne attacks. For the last seven years, socially-engineered attacks including business email compromise (BEC) have been the leading cause of cybercrime losses, and that trend is only expected to continue.

The Need for Cloud Email Security

Email remains a primary attack vector, partly because it is so easy to access and partly because modern threat actors can use tactics that bypass traditional email security solutions like secure email gateways (SEGs).

In a recent survey of 300 security leaders:

  • 92% of respondents had experienced at least one email-related security incident within the past year.

  • 78% of stakeholders believe that SEGs are largely incapable of protecting modern cloud email environments.

  • 79% of respondents think the native security capabilities of cloud email solutions like Microsoft 365 offer insufficient protection on their own.

Knowing that email-based attacks are increasing both in volume and severity and that their current solutions cannot stop them, many organizations are looking for new approaches to cloud email security. But before making any changes, it’s important to first understand how the existing technology is falling short.

Taking the time to learn about the shortcomings of legacy email systems and how they can impact your business is essential. Once you understand the problem, it’s easier to choose the right solution. Below are seven common obstacles security teams face as a result of inadequate email security solutions.

Common Email Security Challenges

Enterprises that rely on legacy email security solutions or even the newest generation of API-based products encounter various challenges due to shortcomings within the technology itself.

1. Detection Approach Lacks Internal Organizational Context

Traditional email security solutions aren’t built to analyze internal east-west email traffic between employees. They can’t ingest signals across users' identity and behavior—such as the device used, sign-on location, or authentication method—to inform their detection approach.

This means these platforms are unable to build an organizational baseline of normal business behavior to precisely detect anomalies. And when an email security solution can’t develop an organization-specific context for detection, security teams miss sophisticated lateral attacks that exploit trusted relationships between employees.

2. Security Team Lacks Visibility Into Supply Chain Risks

Legacy platforms don’t have the functionality to understand the nature of business relationships between vendors and employees or track communication frequency, invoice cadence, invoice format, or primary contacts. The solution effectively treats all communications with vendors the same, regardless of risk level.

As a result, it can’t alert security teams to signals about vendor account compromises that have impacted other enterprises. This allows attackers to infiltrate enterprises via weak links in the security posture of their vendors—defrauding employees into sharing sensitive data or paying fraudulent invoices.

3. Threat Detection Approach Is Reactive Rather Than Proactive

Secure email gateways (SEGs) are designed only to detect known-bad indicators of compromise, such as malicious attachments, suspicious links, and untrusted domains. Because they can’t detect email attacks that leverage novel techniques lacking known attack signatures, SEGs can’t prevent text-based and payloadless attacks that come from known IP addresses or senders.

This forces SOC teams into a reactive posture against evolving email-borne threats and creates a burden on them to constantly create and adjust rules and policies to block new attacks.

4. Email Threats Linger in Employee Mailboxes for Too Long

A traditional email security solution may warn employees of possible threats by adding banners to suspicious emails, but it ultimately relies on end users to take the right action. Additionally, the solution sends any potential threats to an analysis queue, where they must then be manually triaged by a security analyst.

Due to its reliance on a time-consuming journaling approach, the platform is slow to inspect inbound emails and make detection decisions, meaning it post-remediates messages in minutes or hours. As a result, attacks dwell in inboxes while waiting for review by the security operations team, allowing more time for employees to engage.

5. Limited Ability to Detect Compromised Internal Email Accounts

Legacy solutions focus on detecting anomalies strictly within email content, not on user behavior. They have insufficient visibility into user identity and behavior attributes—such as impossible travel, new devices, new browsers, or new authentication methods—that can indicate a potentially hijacked email account.

The inability of the platform to automatically detect and disable compromised accounts necessitates manual review and intervention, which increases the risk of costly human error. These limitations also enable attackers to use hijacked email accounts as the tip of the spear and initiate additional attacks across the enterprise or move laterally across systems.

6. Legacy Technology Unable to Control Time-Wasting Email Effectively

Excessive promotional mail, also known as graymail, impacts productivity as employees must spend hours each week sorting these messages. This breeds inefficiencies and frustrations among employees who are forced to use quarantines and spam digests in a separate user interface to view relevant emails. It also burdens IT teams who must manually review and handle all user-reported issues.

Without effective graymail management, employees—particularly executives—lose days of productivity each year cleaning out their inboxes.

7. Cloud Email Platform Exposed to Unauthorized Access and Abuse

Traditional email security solutions utilize a narrow approach to email security that is focused only on inbound email attacks. Often, employees can access their email accounts using legacy authentication protocols, bypassing multi-factor authentication (MFA). Further, security teams have limited visibility into tenant settings and third-party application integrations that may put the organization at increased risk.

By failing to address these additional potential vulnerabilities, the platform gives attackers the opportunity to gain access to corporate infrastructure through exposed entry points.

Making the Right Security Investment

Cloud email needs cloud email security. And while every organization has different requirements when it comes to cloud email security, there is little denying that there is a need for a solution to block the increasing threat of socially-engineered attacks and other malicious emails that bypass legacy solutions.

To learn more about cloud email security and how to select the right security partner, download The Essential Guide to Cloud Email Security.

