Nearly everything can be done online. If we want to know something, we Google it. If we want to watch something, we go on to Youtube or Netflix. And when we want to communicate with someone, we send them an email.
While most of us take this for granted, David Finger, Senior Director of Product Marketing at Fortinet shares his insights on why email security should be a priority.

Industry Data Shows Email is a Top Attack Vector

In the 2019 Data Breach Investigation Report from Verizon, 94% of malware was delivered via email and top cybercriminal action leading to a breach was phishing.

`In fact, FortiGuard Labs routinely finds new phishing campaigns emerging. But it’s not just malicious files or URLs in email that represent a risk. According to the FBI, over a two year period Business Email Compromise exposed victims to an estimated loss of $3.3 billion. And the U.S. Department of Justice recently filed suit against a cybercriminal alleged to have stolen $100 million using that type of fraud.

Email is Moving to the Cloud

Whether your organization uses Microsoft Office 365, Google G-Suite, or another cloud-based email provider, email infrastructure is moving off-premises and into the cloud to be managed by someone else. This makes perfect sense given the maturity of email systems and increasing IT focus on other high-value aspects of digital transformation.

However, outsourcing email infrastructure doesn’t necessarily mean you should outsource email security. Given the industry data above, this is a very important question for each organization to answer in relation to their unique appetite for risk.

Leading Industry Analysts Assert You Must Re-Assess Email Security Architecture

In fact, more recently, Gartner published their Market Guide for Email Security and asserted that “Security and risk management (SRM) leaders must revisit their organizations’ email security architecture in the light of current email threats, such as sophisticated malware, links to exploit kits, credential phishing and BEC.”

The Market Guide states “the following capabilities can be used as primary differentiators and selection criteria for email security products: protecting against attachment- and url-based threats as well as impersonation and social engineering tactics.

Sources have identified email-based malware, phishing, and BEC as costly⁠— and often, the top cybercriminal actions. For those organizations rapidly moving to cloud-based email systems, this issue remains, and just as with their tradition email solutions, they will still need to ascertain whether the native email security is sufficient. Additionally, leading analysts assert that every organization must re-assess their email security architecture.

Given this information, it seems pretty clear to me what we all should include among our 2019 security projects.