In my continuing video blog series on Modern Email Security, I have had the opportunity to talk with many of the leading innovators tackling some of the toughest challenges in email security. The email threat landscape has been quite volatile over the past year, with so many criminals leveraging the human fear associated with the pandemic to fool unsuspecting users into handing over credentials and sensitive data.
With the almost overnight migration from on-prem email solutions to cloud-delivered email, many of the early-stage email security companies have been focused on the opportunity to strengthen the native email security controls offered by the CSPs. These same companies are tackling some of the more sophisticated, multi-stage email attacks involving phishing and other impersonation techniques.
However, while a majority of organizations are now depending on cloud-delivered email as their preferred email solution, we can’t take our eye off of on-prem email deployments. The recent Microsoft Exchange Server attack highlights the number of organizations still depending on on-prem email solutions. In my most recent ESG email security research, 60% of organizations reported the use of both cloud-delivered and on-prem email, so while most are depending on cloud-delivered email as their primary email application, pockets of on-prem Exchange usage continue to have a long tail. This means that email security teams need to not only maintain both environments, but also need to ensure that both are capable of defending against the highly dynamic, email threat landscape.
I’ve been impressed with the progress that many of the email security vendors have been making in stopping attacks involving phishing, often leading to more sophisticated and targeted threats. However, I worry that the long tail Exchange users may be getting left behind. And given that socially engineered attacks often leverage phishing across multiple communication mechanisms (SMS, collaboration tools, social media apps, and more), email security is only part of the larger defense platform required. Maybe we need to consider on-prem email as simply another communication channel that needs to get figured into the broader solution?
Check out my modern email security video series to learn more about how the innovators are tackling this and many other important email security issues.