To say that this year has been eventful for email security is an understatement. From continued nation-state attacks to large-scale breaches, phishing and other email attacks have continued to enter mainstream consciousness. And even more so than last year, Business Email Compromise (BEC), ransomware attacks, email impersonation attempts and social media phishing scams became more sophisticated and riskier to both individuals and organizations.
Last year at this time, we first predicted that the phishing awareness training market was primed for consolidation in 2018. In November 2017, I stated that:
“Sensing the frustration of their customers and realizing how complex phishing emails have become, both secure email gateway and computer-based employee awareness and training program providers will accelerate the consolidation of their respected market sectors through mergers and acquisitions that can cover gaps in their existing services and solutions such as automation and orchestration.”
Before Q1 2018 was even halfway over, Barracuda Networks had announced its acquisition of PhishLine to add what it said were new capabilities to deliver integrated, adaptive security awareness training. Additionally, Proofpoint recently announced its forthcoming acquisition of Wombat Security to “provide the industry's first-ever integration of market-leading protection and awareness offerings.”
The year ahead is always hard to project. And I doubt that I’ll be as accurate this year as last. Nonetheless, as 2018 comes to an end, here’s what we anticipate email security will look like in 2019.
Buyers Force the Industry to Define Automation
In cybersecurity, the term “automation” remains frustratingly ambiguous and ill-defined, yet it is thrown around as frequently as the terms “AI” or “zero-day.” Here’s how we foresee automation’s definition evolving in the coming year:
- Increased competition, M&A acceleration and consumer demand will finally force the industry to set some parameters around what does and does not constitute an automated solution, as not all automation is created equal.
- Moving forward, more educated buyers will begin to ask tougher questions and scrutinize vendors making hyperbolic claims of automation, looking to truly gauge whether or not email security, anti-phishing and other cybersecurity solutions provide all of the benefits of automation.
SOAR Meets Email
As email attacks grow more frequent and complex, organizations are scrambling for new ways to reduce risk and better detect and remediate threats. The advanced methods that hackers are using, such as business email compromise (BEC) and impersonation attacks, are making it increasingly difficult for end-users to identify fraudulent emails. New Security Orchestration, Automation and Response (SOAR) solutions coming to market offer an end-to-end means to identify and remediate threats while continuously learning to improve the process. When put into the inbox, Email Security Orchestration Automation and Response (E-SOAR) can be a complete game-changer for email security. It can streamline phishing incident response by replacing manual email analysis with automation and can expedite real-time orchestration with advanced anti-malware tools, significantly shortening the path from phishing detection to complete enterprise-wide remediation.
Update - Mar 2, 2023
The automation and orchestration originally described in this blog coined the term E-SOAR; since then, it has evolved to be commonly referred to as M-SOAR.
Email Flooding Attacks Return with a Vengeance
In 2018, this easy-to-implement technique began to make a comeback, which is poised to continue into the new year for two primary reasons: to deliver the messages and demands of hacktivists and as a diversionary tactic to help perpetrate financial or operational fraud. We even wrote an article about this disturbing re-emergence, and how email security managers can no longer rely on legacy tools and script writing to detect and respond to threats. Currently, attackers use the email flood to distract victims and to exhaust security resources while they perform fraudulent transactions. By the time the targeted person or organization clears the clutter and discovers the legitimate emails notifying them of account changes or suspicious activity, the attackers have made off with the funds.
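As an added illustration (not code from this article or from any product it mentions), the sketch below shows one way to spot a flood in a single mailbox and pull out the account-change notices that arrived during it. The window, threshold, keyword pattern and sample messages are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta
import re

# Assumed tuning values for this example, not figures from the article.
WINDOW = timedelta(minutes=10)
THRESHOLD = 50  # messages to one mailbox inside WINDOW that we treat as a flood
ALERT_RE = re.compile(r"password (changed|reset)|new payee|wire transfer|"
                      r"account (change|update)|suspicious (activity|sign-in)", re.I)

def flood_windows(times, window=WINDOW, threshold=THRESHOLD):
    """Return merged (start, end) spans with at least `threshold` arrivals per `window`."""
    times = sorted(times)
    spans, lo = [], 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:      # slide the left edge of the window
            lo += 1
        if hi - lo + 1 >= threshold:
            start, end = times[lo], t
            if spans and start <= spans[-1][1]:
                spans[-1] = (spans[-1][0], end)   # extend the current flood span
            else:
                spans.append((start, end))
    return spans

def buried_alerts(messages, pad=timedelta(minutes=30)):
    """Account-change style notices that arrived during, or within `pad` of, a flood."""
    spans = flood_windows([m["ts"] for m in messages])
    return [m for m in messages
            if ALERT_RE.search(m["subject"])
            and any(s - pad <= m["ts"] <= e + pad for s, e in spans)]

def sample_inbox():
    """Constructed sample: 300 sign-up confirmations in 5 minutes hiding one bank notice."""
    t0 = datetime(2019, 1, 7, 9, 0, 0)
    msgs = [{"ts": t0 + timedelta(seconds=i), "sender": f"noreply@list{i}.example",
             "subject": "Confirm your subscription"} for i in range(300)]
    msgs.append({"ts": t0 + timedelta(seconds=150), "sender": "alerts@bank.example",
                 "subject": "New payee added to your account"})
    msgs.append({"ts": t0 - timedelta(hours=6), "sender": "alerts@bank.example",
                 "subject": "Your password changed"})  # routine notice, outside any flood
    return msgs

if __name__ == "__main__":
    for m in buried_alerts(sample_inbox()):
        print(m["ts"], m["sender"], m["subject"])
```

Surfacing these messages to the user or the SOC while the flood is still in progress is what removes the attacker's head start.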
Organizations Forced to Re-think Social Media Policies
Presently, cybercriminals consistently sweep the web for useful information that businesses and employees willingly put online. From social media profiles and job listings to employee bios, photos and more, cybercriminals easily obtain the “inside baseball” info needed to perfectly execute an email spoof or impersonation attack by inundating targets with well-crafted, almost impossible to detect phishing emails over extended periods of time. In fact, top cybercriminals can spend months building behavior profiles before tailoring their phishing campaigns, so as to make the messages appear authentic even to those with a trained eye. With this knowledge, companies of all sizes will begin to have serious conversations about limiting the information that their brand and employees share online, since doing so will be imperative to reducing risk moving forward.
AI Becomes SOC’s Best Friend
In 2019, AI technology will finally be able to help not just identify attacks, but also provide evidence-based guidance on how security teams can and should respond to threats. In many situations, AI will be able to respond without the intervention of SOC teams at all. That’s because AI is constantly learning, and the technology is poised to stay in step with attackers’ ever-changing tools and techniques.
Cybersecurity constantly evolves as threats change and manifest in new ways. The industry is trading awareness for prediction and action, and security solution providers must be proactive in their offerings and capabilities to meet the new client demands of automation, true AI and the best protection for their organizations. By combining technical controls with end user controls and process automation, our approach to email security is poised to meet the evolving needs and demands of inboxes in the new year. So, as you hit send on the final emails of 2018, ask yourself, “is my organization ready for the next round of email security?”
If the answer is yes, then schedule a demo with us today to learn about our tools that can help you anticipate a potentially damaging email security disaster before it’s too late.