Why email security is still the elephant in the room for cybersecurity
Niall Mackey of TopSec says there is an alarming gap in knowledge about the dangers of cyber attacks on email systems
Cybersecurity is as intricate as a spider's web, and one pressing issue that Chief Information Security Officers (CISOs) often overlook is the efficacy of their email security measures.
The majority of CISOs have implemented some form of email security, but a crucial question looms large: is it truly effective? This uncertainty represents a significant blind spot in cybersecurity strategy.
The Gap in Email Security Knowledge
The reality is that many CISOs are unable to gauge the actual effectiveness of their email security protocols.
They are often at a loss when asked about the adequacy of their existing measures in combating threats. This gap in knowledge is alarming, especially considering that a large proportion of cyber attacks are initiated through email (91% of all cyber attacks come through email, according to a report by Deloitte).
Yet, the depth of these threats remains a mystery to many in charge of securing digital communication channels.
Misconceptions and Underestimations
One of the challenges in addressing email security lies in the assumption that email systems, particularly those integrated within widely used platforms like Microsoft Office 365, are inherently secure or “sufficiently” so.
However, without a dedicated team analysing logs, managing dashboards and scrutinising incoming traffic, the true extent of email threats remains hidden.
And assumptions can cost organisations dearly.
Email Security: Not a Priority?
Ironically, despite the pivotal role of email in daily communications, email security does not command the same attention as other, more ‘glamorous’ areas of cybersecurity, such as cloud technologies or DevSecOps.
This oversight is partly because email, a decades-old technology, is often underestimated in terms of the potential severity of threats it can harbour.
For CISOs actively seeking to fortify their email security stance, challenges still persist. Often, the tools and dashboards available do not provide a comprehensive overview of the email threat landscape.
Consequently, understanding and articulating the nature and magnitude of these threats becomes a complex task.
The Cost of Inadequate Email Security
Moreover, the resource implications of inadequate email security are substantial.
Prior to implementing robust email security measures, organisations can find a significant portion of their operational time consumed in managing email-related issues.
Enhancing email security can thus lead to notable efficiency gains and resource optimisation.
Strategies for Enhancing Email Security
To strengthen email security, a multifaceted approach is essential.
Automating as much of the email security process as possible is a critical step. However, it’s equally important to ensure that these automated solutions complement and enhance the basic security provided by cloud services.
Implementing inline solutions is also key, as they can proactively prevent threats from reaching user inboxes.
While frameworks and best practices like those from NIST provide guidance on email security, there is no one-size-fits-all solution.
Security leaders should evaluate their unique needs, potentially considering separate vendors for email clients and security solutions or adopting a layered security approach.
Elevating Email Security in Cybersecurity Discourse
In conclusion, despite its recognition as a priority at cybersecurity conferences and in professional discourse, effective email security implementation remains elusive for many organisations.
The need for comprehensive solutions that not only prevent threats but also enable detailed tracking and measurement of email security metrics is paramount.
By adopting a more nuanced and proactive approach to email security, organisations can significantly mitigate risks and enhance their overall cybersecurity posture.
One of the most practical ways to adopt a more proactive approach is by outsourcing your email security requirements to a managed service provider whose sole responsibility is to provide protection to your organisation. This removes the risk of burnout for your IT team and adds a layer of security that allows you to sleep at night without worry.
Niall Mackey is Commercial Director of Topsec. His team specialises in enhancing email security for firms, safeguarding sensitive data against cyber threats.