Why a new approach to email security is needed

Understanding and mitigating the complexity of email security risks

Today’s email security risks are nuanced and complex. Learn about human-activated risks and advanced detection techniques for identifying and preventing them and creating a culture of cybersecurity within your organisation.

The complexity of today’s email security risks

It’s no longer a case of simply reinforcing the network perimeter. The risks are far more complex than before, often driven by human behaviour. From every conversation we have, security and IT leaders tell us that employees:

• Get hacked by increasingly sophisticated and targeted attacks.
• Make mistakes, such as sending sensitive emails to the wrong person or attaching the wrong file.
• Break the rules, sometimes maliciously for personal gain but often unintentionally, thinking they are just trying to do their job more efficiently!

These are a combination of both inbound and outbound threats but what they have in common is that they are human-activated risks – there’s a person behind each of them.

Why traditional approaches are falling short

These types of incidents are getting expensive. For example, an overworked and overtired junior lawyer sent a key client’s medical records to the wrong person. The fact that she was working incredibly long hours and dealing with all sorts of pressures ultimately didn’t matter. Huge sums were lost to legal and settlement fees, the client was extremely unhappy, and the employee was suspended for six months.

One of the reasons why this is such a hot topic right now is because existing approaches are not solving the problem. In the old world, organisations with on-premise Exchange incorporated a Secure Email Gateway (SEG) to plug gaps in their architecture where spam and viruses were slipping through.

However, the threats have evolved. In the face of much smarter bad guys and nuanced human behaviour, SEGs have struggled to detect far more sophisticated threats such as account compromise or, like our unfortunate junior lawyer, somebody emailing sensitive content to the wrong person. On top of that, Microsoft 365 (M365) has advanced its native security features, making Secure Email Gateway (SEG)  features obsolete and causing unnecessary additional costs and unwanted administration.

Advanced detection techniques for identifying and preventing email security risks

However, rather than adding unnecessary complexity and cost for duplicate features, customers are increasingly taking an integrated cloud email security approach and looking to providers, like Northdoor, to augment M365, topping up key areas and adding additional value.

Today customers are leveraging far more sophisticated technologies to detect even the most complex inbound and outbound risks. For example, combining machine learning and linguistic analysis techniques enables organisations to detect the smartest email attacks – such as a compromised supply chain account. Similarly, patented contextual machine learning models are being applied to every individual to establish a baseline of their ‘normal’ email behaviour, meaning the tech can help them spot when they’re about to make a mistake, like emailing sensitive content to the wrong person. The use of these technologies is stopping over 30% more incidents.

Employees are your first line of defence. Secondly, it is important to create cybersecurity advocates within the organisation. Traditional training programmes are critical to driving security awareness.  However, they can prove time-consuming and costly and are often seen as an unwanted distraction by employees. Therefore, there is a need to augment existing phishing simulation and training programs to prevent a potentially costly security incident. It’s no longer about doing everything at the network edge; it’s about interacting with people individually, using the proactive technologies we now have to provide real-time, teachable moments that empower them to stop future incidents themselves and build a culture of cybersecurity resiliency.

Making administration easy

Finally, we’re moving away from the information overload, heavy lifting, and burdensome administration of traditional email security solutions. Customers always tell us that they’re just too complex and end up taking too much time to trawl through. That’s why minimising the required configuration and only using policies to supervise machine learning algorithms means there’s no triage or quarantine for resource-constrained security teams to manage, as it’s all automated.

On top of that, here at Northdoor, we’re focusing on only providing actionable intelligence that administrators can use to identify organisational risks quickly, put mitigating steps in place and, where necessary, remediate threats. It’s not about throwing too much information at our customers; it’s a case of cutting through the noise, highlighting the risks that matter, and making critical decisions faster. Our solution is a cloud-based subscription service that offers full integration with both Microsoft and Google cloud email services, which makes it fast and easy to deploy. It works across all email client software on any physical device and gives IT security professionals a clear view of threats.

Applying all these capabilities together, security leaders can rest easy knowing that employees will keep sensitive data safe while enjoying the countless productivity benefits of M365.

By adopting a new approach to email security that takes into account the complexity of today’s risks, organisations can effectively mitigate threats, reduce the likelihood of costly breaches, and empower employees to play a critical role in keeping sensitive data safe.

To find out more about how our customers are stopping human-activated email security risks, get in touch with one of our experts here at Northdoor.