By David Finger, Senior Director, Product Marketing at Fortinet
I have the opportunity on a weekly basis to speak with organizations who come through our Executive Briefing Center. They share information about their strategic business and security initiatives while learning about our corporate vision and the ways we are helping customers with similar challenges to those they face.
Many times their stated interest is SD-WAN and cloud, sometimes segmentation, and other times security operations. Without a question, these are important (and hot) topics, but I always try to carve out a little bit of time to talk about email security, and here’s why.
Top attack vector
If you read the recent 2019 Data Breach Investigation Report from Verizon, you will notice that 94% of malware was delivered via email and that the top cybercriminal action leading to a breach was phishing.
In fact, FortiGuard Labs routinely finds new phishing campaigns rising to the fore, such as this new version of Hawkeye that recently hit our weekly threat intelligence newsletter and blog.
But it’s not just malicious files or URLs in an email that represent a risk. According to the FBI, over a two year period Business Email Compromise (BEC) exposed victims to an estimated loss of $3.3bn. And the U.S. Department of Justice recently filed suit against a cybercriminal alleged to have stolen $100m using that type of fraud.
Email is moving to the cloud
Whether your organization uses Microsoft Office 365, Google G-Suite, or another cloud-based email provider, email infrastructure is moving off-premises and into the cloud to be managed by someone else. This makes perfect sense given the maturity of email systems and increasing IT focus on other high-value aspects of digital transformation.
However, outsourcing email infrastructure doesn’t necessarily mean you should outsource email security. Given the industry data above, this is a very important question for each organization to answer in relation to their unique appetite for risk.
Leading Industry Analysts Assert You Must Re-Assess Email Security Architecture
In fact, more recently, Gartner published their Market Guide for Email Security and asserted that “Security and risk management (SRM) leaders must revisit their organizations’ email security architecture in the light of current email threats, such as sophisticated malware, links to exploit kits, credential phishing and BEC.”1
Sources have identified email-based malware, phishing, and BEC as costly – and often, the top – cybercriminal actions. For those organizations rapidly moving to cloud-based email systems, this issue remains, and just as with their tradition email solutions, they will still need to ascertain whether the native email security is sufficient. Additionally, leading analysts assert that every organization must re-assess their email security architecture.
Given this information, it seems pretty clear to me what we all should include among our 2019 security projects.
Find out about Fortinet’s FortiMail Cloud email security solution, and how it works to protect your critical data from being compromised in a breach.