Combining cloud-based email with cloud-native email security dramatically increases the ROI and efficacy of email security
An 80% spike in business email compromise (BEC), phishing and other advanced email attacks in recent months is enough to raise alarms for any chief executive. After all, the focus should be on executing to plan, not dodging cyber criminals.
In a recent survey, 92% of organizations report having been hit by BEC attacks, with up to 23% of those that end up falling victim suffering direct financial harm
Aimed at tricking a business’s employees into revealing login credentials or wiring payments for fraudulent invoices to criminals, these attacks easily bypass most security systems because they rely on deception rather than links or code. The average loss is now more than $130,000 per attack.
How bad is it? According to a recent survey of 800 global IT and C-suite leaders, 20% report that a member of their executive team was scammed through BEC attacks into sending sensitive data sometime in the last 12 months.
As a CEO, you’re certainly aware of the existential need for secure email communications. Yet despite investments in secure email gateways and other technologies, the C-suite is still getting pummeled by email fraud—creating uncertainty in the executive team over whether the emails they receive and respond to are legit.
The fact is, today’s phishing emails are so expertly crafted, so personally tailored, it’s nearly impossible to differentiate between legitimate and fraudulent messages appearing to come from the same source. Tactics such as domain and display name spoofing complete the deception.
The FBI pegs total losses from BEC at more than $12.5 billion. And beyond wire fraud and other scams, up to 95% of all data breaches start with a phishing email. The average cost per breach is up 6%—to $7 million.
Even just the threat of attacks can have a negative impact. For chief executives and their teams, uncertainty over the legitimacy of inbox messages can slow executive communications, clog IT and Security teams with investigative workflows and impede the ability to reliably and efficiently communicate important business details via email.
Those seeking to find a solution are likely to contend with two competing points of tension.
On one hand, sizable investments have been made in existing, on-premise email security systems. Yet email attacks continue to slip past current security controls. That’s because they were never designed to stop the types of advanced attacks we’re seeing in BEC.
At the same time, many organizations are moving email to the cloud and taking advantage of embedded anti-virus and malware features in place of having to deploy and manage comparable security controls in their on-premise systems. In turn, they’re finding a higher ROI, as cloud-based email creates efficiencies by reducing both capital and operating expenses.
Still, it’s not without some challenges. While cloud platforms such as G-Suite and Office 365 are able to block spam, known viruses and malware, most can’t shield you from advanced email threats like BEC.
But this just doesn’t seem right, does it? You should be able to click on anything in the inbox with confidence. Email security simply needs to get better—and smarter.
That’s why many organizations are turning to an AI-based approach to combat BEC and outsmart cybercriminals. This approach applies the latest machine learning models to forensically analyze email in the cloud. It’s highly effective, and it can pay impressive dividends.
We’ve taken this approach with Agari Enterprise Protect, leveraging data from over 2 trillion emails annually to continuously analyze and detect emerging threats around the globe in real time. With each new email analyzed, the models get smarter and security improves.
Organizations using these models can recognize attacks, even if they’ve never seen them before. It’s a kind of network effect that future-proofs your investment in email security. But, it’s an investment that’s typically smaller and more highly focused on filling new gaps in real time than most legacy email security controls. That’s a serious win-win.
In fact, most organizations find that investing in cloud-based email and combining it with advanced email security, dramatically reduces the risks from BEC attacks, costs less than legacy security email systems, and stops evolving threats before they have a chance to reach their target.
Whatever direction CEOs choose for their organizations, let’s hope they hurry.
Protecting organizations from the growing threat of BEC, phishing and other advanced email attacks has never been more important.
But for some, it has also never been more promising—if they find the right solutions for future-proofing their investments.
To learn more BEC attacks and how advanced machine learning-based solutions can disrupt them, download an exclusive white paper, “Business Email Compromise Report,” here.