
Last month, Gartner published their findings and recommendations from 1,500+ customer interactions in the 2023 Gartner Market Guide for Email Security. The bad news is that despite the technology in place, the phishing problem is only getting worse as attackers evolve their strategies to avoid detection.  The good news is that Gartner provides some strong recommendations to help protect organizations from these emerging threats. 

This post reveals three key takeaways from the 2023 Gartner Market Guide for Email Security.

3 Takeaways from the 2023 Gartner Market Guide for Email Security

1. Phishing Threats Are Evolving 

Email remains the primary attack vector for cybercriminals. Unfortunately, attackers continue to adapt their approaches to expose vulnerabilities and launch highly deceptive attacks. One attack type gaining traction is Business Email Compromise (BEC), which can go undetected by legacy and native email security solutions, leading to massive financial and data loss.

While email remains a popular phishing vehicle, Gartner echoes our Business Cost of Phishing report and warns of phishing attacks being launched outside of email, including on collaboration platforms like Teams and Slack.

2. AI is Required for BEC Protection 

Despite the use and success of secure email gateways (SEGs) in the early days of phishing, attacks have become more sophisticated, and attackers have identified ways to dramatically reduce the effectiveness of relying only on a SEG.

With BEC attacks becoming more convincing, menacing, and successful, Gartner recommends that organizations “use email security solutions that include anti-phishing technology for targeted BEC protection that use AI to detect communication patterns and conversation-style anomalies, as well as computer vision for inspecting suspect URLs.”  

Integrated Cloud Email Security (ICES) solutions are API-based anti-phishing tools that use AI and ML to continuously analyze email communications to detect threats that use social engineering techniques—malicious intent, not just malicious links and attachments.   

 “Integrated solutions that use APIs to examine emails are gaining momentum, augmenting either an existing SEG offering or the built-in protections. Many of these solutions use sophisticated anomaly detection techniques like natural language understanding (NLU), natural language processing (NLP) and image recognition. The direct integration makes these solutions easy to evaluate and prove value, and because they are behind existing controls, the value can be seen quickly.” 

GARTNER, 2023 MARKET GUIDE FOR EMAIL SECURITY 
Ravisha Chugh, Peter Firstbrook, Franz Hinner, 13 Feb 2023

3. Employee Education is Critical  

More interesting, however, is that Gartner doesn’t place responsibility for email security solely on technology. Their findings emphasized improving employees’ security awareness to help combat the phishing problem.

Gartner recommends that organizations invest in user education (security awareness training and phishing simulation testing) and “reinforce training with context-aware banners and in-line prompts to help educate users.”  

How to Leverage AI and Human Insights from a Completely Integrated Solution  

IRONSCALES is the complete solution for protecting your enterprise from advanced phishing attacks. The platform combines AI and human insights to effectively stop advanced attacks like BEC, Account Takeover (ATO), and VIP impersonation, and incorporates crowdsourced threat intelligence data to improve accuracy continuously.  

With IRONSCALES, over 10,000 customers are protecting their organization from advanced phishing threats by:  

  • Reducing the effort to detect and remediate phishing threats using AI-powered phishing protection that automatically detects and quarantines polymorphic attacks across the entire organization 
  • Ensuring that employees are a strong line of defense with access to more than 100 different security awareness training videos 
  • Regularly testing employees’ security awareness by quickly launching prebuilt recommended phishing simulation testing campaigns based on seasonal trends, current threats, and more
  • Reinforcing awareness by alerting employees of potential threats with dynamic, straightforward email banners
  • Empowering employees to participate in the fight against phishing with the ability to quickly report suspicious messages using the Report Phishing Button

Download the 2023 Gartner Market Guide for Email Security to view all their findings and recommendations 

Post by Jeff Rezabek
March 6, 2023