Email Security Blog

Gartner Security & Risk Management Summit Takeaways

Agari June 17, 2015 Email Security
Fallback Featured Image

Last week I was at the Gartner Security & Risk Management Summit for the first time in three years and while there, a few things struck me. We’ve all seen the steady drumbeat of cyber attack headlines that expose millions and millions of people’s sensitive information. The attendees at the conference certainly have, too. Because it was absolutely packed; the show has grown tremendously in the last few years. Another interesting note for me was the prevalence of very senior security industry executives at the show – not just CISOs, but I saw many CIO name badges on people wandering the conference floor and stopping by the Agari booth.

It’s a good sign, in my mind, to see the issue of security moving farther up the corporate ladder. Not a moment too soon, either. I would say that a surprising majority of the people who stopped by our booth told us that they were seeing CEO and CFO spoof emails at their companies. The most common variants were spoofed emails purporting to come from the CEO sent to the CFO telling him to wire money related to a super-secret acquisition to some account. Controllers at the companies were also receiving similar spoofed emails purporting to come from their CFOs. Also extremely gratifying was, once we explained to visitors to our booth what we were doing with email security at Agari and how we are proactively solving the problem, many of them told me it was the most interesting thing they’d heard at the show.

Other top takeaways for me included the Gartner forecast that by 2020, 60 percent of security spending will be on post-infection or post-breach detection and remediation. Compare this to the 40 percent of security spending that is aiming to stop breaches before they happen. The shift in security spending tells me two things: First, that companies are – more and more – simply just giving up on trying to stop the breaches before they happen. Second, once breaches do occur, they are only becoming more difficult and incredibly more expensive to detect and remediate.

The shift in the security mindset, too, is proving difficult for companies to navigate. It used to be that security policies were architected such that once you authenticated yourself and were inside the walls of the organization, you were therefore trusted. If you were outside the walls, the default was you weren’t trusted. But now we’re seeing the growing trend of devices not being trusted as a default whether they’re inside or outside an organization’s firewall. There’s now this shift to no devices being trusted, but it is such a difficult concept to embrace and hard for organizations to change the way their security is architected across the board.

Suffice to say that with the packed attendance I saw, higher-level security executives and the difficulty organizations are having changing their security architectures to a no-trust-first model, security as strategic business competency is only gaining in visibility. And this is a good thing, because we as an industry have a long way to go in securing organizations from the unrelenting cyberattacks we see every day.

 

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

July 18, 2019 Patrick Peterson

Businesses Grow More Vulnerable to Email Attacks, Even with Improved Defenses

Cybercriminals increasingly use new forms of identity deception to launch an email attack to target…

Agari Blog Image

July 16, 2019 Seth Knox

Microsoft Office 365 + Agari Secure Email Cloud: All You Need in a Cloud-First World

You’ve heard the statistics… more than 70% of all business users will be provisioned with…

Agari Blog Image

July 11, 2019 Armen Najarian

Restoring Trust to Digital Communications: How Smart Communities Model the Good

Legacy email security systems are failing, as more enterprises migrate their emails to the cloud…

Agari Blog Image

June 27, 2019 Siobhan McNamara

The 4 Fundamentals of AI-Based Email Security

Predictive, AI-based email security is proving to be remarkably effective at protecting against today's most…

Agari Blog Image

June 20, 2019 Michael Cichon

Email Security: Using ML to Prevent Advanced Attacks

The statistics are astounding. Email remains the number one threat vector for data breaches, the…

mobile image