Last month, Gartner published their findings and recommendations from 1,500+ customer interactions in the 2023 Gartner Market Guide for Email Security. The bad news is that despite the technology in place, the phishing problem is only getting worse as attackers evolve their strategies to avoid detection. The good news is that Gartner provides some strong recommendations to help protect organizations from these emerging threats.
This post reveals three key takeaways from the 2023 Gartner Market Guide for Email Security.
Email remains the primary attack vector for cybercriminals. Unfortunately, attackers continue to adapt their approaches to expose vulnerabilities and launch highly deceptive attacks. One attack type gaining traction is Business Email Compromise (BEC), which can go undetected by legacy and native email security solutions, leading to massive financial and data loss.
While email remains a popular phishing vehicle, Gartner echoes our Business Cost of Phishing report and warns of phishing attacks being launched outside of email, including on collaboration platforms like Teams and Slack.
Despite the use and success of secure email gateways (SEGs) in the early days of phishing, attacks have become more sophisticated, and attackers have found ways to dramatically reduce the effectiveness of relying on a SEG alone.
With BEC attacks becoming more convincing, menacing, and successful, Gartner recommends that organizations “use email security solutions that include anti-phishing technology for targeted BEC protection that use AI to detect communication patterns and conversation-style anomalies, as well as computer vision for inspecting suspect URLs.”
Integrated Cloud Email Security (ICES) solutions are API-based anti-phishing tools that use AI and ML to continuously analyze email communications and detect threats that rely on social engineering techniques, looking for malicious intent, not just malicious links and attachments.
“Integrated solutions that use APIs to examine emails are gaining momentum, augmenting either an existing SEG offering or the built-in protections. Many of these solutions use sophisticated anomaly detection techniques like natural language understanding (NLU), natural language processing (NLP) and image recognition. The direct integration makes these solutions easy to evaluate and prove value, and because they are behind existing controls, the value can be seen quickly.”
GARTNER, “2023 MARKET GUIDE FOR EMAIL SECURITY”
Ravisha Chugh, Peter Firstbrook, Franz Hinner, 13 Feb 2023
More interesting, however, is that Gartner doesn’t rest email security solely on technology. Their findings emphasized improving employees’ security awareness to help combat the phishing problem.
Gartner recommends that organizations invest in user education (security awareness training and phishing simulation testing) and “reinforce training with context-aware banners and in-line prompts to help educate users.”
IRONSCALES is the complete solution for protecting your enterprise from advanced phishing attacks. The platform combines AI and human insights to effectively stop advanced attacks like BEC, Account Takeover (ATO), and VIP impersonation, and incorporates crowdsourced threat intelligence data to improve accuracy continuously.
With IRONSCALES, over 10,000 customers are protecting their organization from advanced phishing threats by:
Download the 2023 Gartner Market Guide for Email Security to view all their findings and recommendations.