Email Protection 101: How To Protect Your Organization’s Email

Email is frequently the entry point or delivery method for dangerous cyberattacks. Business email compromise is one of the costliest cyberattacks targeting organizations of all sizes across all industries.

A successful email attack can install ransomware, steal credentials, or trick an employee with a fake invoice. And these social engineering attacks are growing in frequency and cost as attackers innovate. Organizations need modern email protection software and processes to thwart these suspicious emails.

Enterprise email protection requires a multifaceted approach that includes the following:

1. Have email security software and architecture in place that identifies and blocks malicious emails before they land in an inbox. Common email security architecture types include:

   • Secure email gateways (SEGs)

   • Built-in security from email providers like Google and Microsoft

   • Cloud email security that augments or replaces SEGs and native email provider security.

2. Create a corporate email policy that includes usage guidelines, remediation procedures, and a formal response framework in place for any email attacks.

3. Adopt email safety best practices at corporate and end-user levels, including:

   • Email authentication protocols like SPF, DKIM, and DMARC

   • Strong password requirements

   • Email encryption

   • Multi-factor authentication for all logins

   • Zero trust security architecture

There are several branches of email protection all designed to stop specific threats. Organizations must implement a multi-layered approach to protect their data, network, machines, and users. There are many wide-ranging solutions to create a holistic email protection strategy. Some of these include:

• Inbound email security: These email protection services scan incoming emails–external or internal–for suspicious requests that can indicate BEC, credential phishing, and other email-based attacks.

• Account takeover protection: Compromised accounts from internal employees or external vendors are entry points for dangerous email attacks. Comprehensive email protection must include account takeover protection.

• Spam filters: Spam filters are a type of email filtering used to detect malicious unsolicited emails and block them from getting delivered.

• Graymail filters: While not malicious, graymail harms productivity by clogging up employee inboxes with unneeded emails. Graymail filters can detect and automatically label these emails.

• Antivirus software: Malware is commonly delivered via email attacks, so virus detection is a vital part of email security architecture.

• Data loss prevention (DLP): DLP works to prevent unauthorized access to data and stop information from getting sent outside the network via email. It’s necessary to identify a data breach or leak.

While this is only a partial list of tools to use, following best practices and updating technology is an important part of protecting inboxes in real-time.

An organization's security needs may change depending on how its network and mail flow are set up. Let's review some different scenarios and what security they necessitate.

Enterprise email servers were traditionally hosted and maintained on-premises, at a centralized location. This meant companies were in charge of purchasing and maintaining their own hardware, updating software, and ensuring connectivity between servers. On-premise email systems are often expensive and difficult to maintain, and on-prem email security leaves gaps.

Organizations are shifting en-masse to cloud email–Gartner says “more than 85% of organizations will embrace a cloud-first principle by 2025.” This shift includes mass adoption of cloud email services for scalability and easier maintenance. There’s a mismatch between legacy security architecture and the burgeoning cloud services environment.

This has changed the email security landscape, as security requirements differ for on-prem and off-prem servers. A secure email gateway (SEG) was the primary form of on-prem email protection, monitoring emails for potential threats. But a SEG is no longer enough.

Secure email gateways are traditionally one of the most common email security tools. But SEGs haven’t kept up with the changing modern landscape of cyberthreats. A SEG relies on known threat indicators like suspicious attachments and unknown URLs. They struggle to detect social engineering approaches used in BEC and supply chain attacks. Our email security trends survey found that 78% of respondents believe SEGs aren't capable of protecting a modern cloud email environment.

Cloud email requires cloud email security, either as a built-in feature from the provider, a stand-alone product, or a combination. Cloud email providers have native security features to protect against threats like malware, phishing, and spam emails, and third-party email security companies can fill gaps. This ensures organizations have the tools they need to protect their inboxes from modern threats.

Popular cloud-based email providers like Google and Microsoft have native email security built into their email servers. However, their built-in security isn’t enough to withstand the broad range of sophisticated email attacks enterprises face. And they lack advanced features that like automation that administrators in a large organization may require.

Native email security can be enhanced by integrated email cloud security (ICES) to catch additional attacks and simplify remediation.

Current email security is lacking. This year’s FBI internet crime report finds that business email compromise is, once again, the most expensive cybercrime. It cost organizations a whopping $2.4 billion in 2021, an annual increase of 28%.

As enterprises turn to the cloud for their email needs, there’s a disconnect between their new cloud email environment and their legacy security architecture. That’s why attacks like BEC thrive.

Many organizations previously relied on secure email gateways (SEGs) to keep malicious emails out of employee inboxes. But the secure email gateway is no longer enough as enterprises shift to cloud email and attackers use new tactics. Our 2022 report on email security trends shows the shift in thinking, highlighted by these findings from 300 security leaders:

• 92% of respondents experienced at least one email-related security incident within the last year

• 78% of respondents believe that SEGs are largely incapable of protecting modern cloud email environments

• 79% of respondents say that native security from cloud email providers offers insufficient protection on their own

In short: standard email protection solutions like SEGs and provider-native email security aren’t enough to stop advanced email attacks.

Abnormal fills the gap left by existing email protection products. Using AI to baseline employee email habits, understand context and intent, and monitor internal traffic, Abnormal detects:

• Compromised vendors sending fraudulent invoices

• Internal accounts being accessed from a new location

• Phishing emails with a suspicious tone and unusual requests

Leveraging technology like AI and NLP is the modern way of combating modern email threats. Without it, your traditional email security can't read between the lines and detect malicious emails.

Ready to enhance your email security and protect your organization from modern email threats? Get a demo to see how Abnormal Security can improve your security.