Microsoft Defender for Office (MDO) + Integrated Cloud Email Security (ICES): The Power Combo That’s Tackling Sophisticated Email Cyber Crime 

By Josh Neame, CTO, BlueFort Security 

Email continues to be the cornerstone of business communications for organisations around the world. However, without a shadow of doubt, it is also the most exploited entry point for cybercriminals. Specifically, business email compromise (BEC) continues to be one of the most financially damaging cyber threats facing organisations today. IBM’s Cost of a Data Breach report found that the average cost of a BEC is just short of $5 million. That’s a big chunk of change, and the repercussions for some victims could be the end of the road. 

The email threat landscape is evolving rapidly, and the proliferation of AI has opened the floodgates to all manner of often unseen email attacks. It’s becoming a greater challenge to prevent targeted email attacks, vishing, phishing, and our old friend BEC, from reaching users’ inboxes. 

In today’s cloud-first world, over 56% of companies rely on Microsoft for their email. Moving to the cloud has helped more than 250 million people per month work in a faster, more flexible way. 

Limitations of Secure Email Gateways (SEGs) 

Earlier this year I wrote about the limitations of secure email gateways (SEGs) – a cybersecurity solution that was built for an era of spam and viruses. SEGs did their best work when organisations had on-premises email servers, not cloud solutions like Microsoft 365. While effective against ‘conventional’ threats, SEGs often struggle with more sophisticated, socially engineered attacks. 

As attackers leverage AI-driven techniques, traditional email security, including SEGs, is no longer enough to stop sophisticated phishing and social engineering tactics. To stay ahead, organisations need a layered, AI-powered defence that extends beyond the inbox. 

This is why companies are increasingly adopting multi-layered email security strategies and utilising Integrated Cloud Email Security (ICES) products that augment the email security capabilities already available with Microsoft Defender for Office 365 – and serve as a second filter.  

ICES Predicted Growth 

Statistics vary but the direction of travel for ICES adoption is definitely one of significant growth. As an example, this Valuate report sizes the global market for ICES at US$ 1.41 billion in the year 2024 with a projected size of US$ 3.68 billion by 2031, growing at a CAGR of 14.8% during the forecast period. 

The ICES category was officially acknowledged by analyst firm Gartner in 2021, describing it as a distinct and necessary category of solution for modern email threats. At that time, Gartner cautioned that, “Continued increases in the volume and success of phishing attacks and migration to cloud email require a re-evaluation of email security controls and processes. Security and risk management leaders must ensure that their existing solution remains appropriate for the changing landscape.”  

Despite this caution being 4 years old, it remains an accurate portrayal of the state of email security today. Therefore, the additional layers of protection that ICES solutions provide – with their focus on the more sophisticated and specific types of threats or user behaviour patterns – are critical.

Deep Dive into ICES 

At a glance, below are the benefits of ICES versus traditional email security platforms supported by SEGs.

  • Advanced Threat Detection: ICES solutions leverage advanced technologies like machine learning (ML), natural language processing (NLP), natural language understanding (NLU), and behavioural analysis to spot sophisticated threats that traditional email security often overlooks.  
  • Seamless, API-Based Integration: ICES solutions integrate directly with cloud email platforms using APIs. This makes setup easy and keeps mail flow running smoothly. ICES also provides a clearer view of what’s happening inside your email environment. 
  • Enhanced User Awareness: Many ICES platforms include real-time warning banners for suspicious emails, offering contextual security awareness training that helps users make informed decisions. It also teaches good security habits, helping users identify potential trouble before clicking on a suspicious link. 
  • Streamlined Operations: ICES brings all your email security controls together in one place (e.g., the Microsoft Defender dashboard), so you don’t have to juggle a bunch of different tools. It cuts down on administrative overheads and makes managing everything a whole lot easier. 
  • Adaptive and Continuous Learning: Utilising AI, ICES continuously learns from new data and adapts its detection algorithms to stay ahead of evolving attack vectors, providing dynamic protection against emerging threats.  

In short, ICES solutions can help catch these advanced cyber-attacks that often evade traditional email security measures.  

Microsoft Benchmark Data 

In July this year, Microsoft announced two initiatives – both aimed at increasing transparency around how email security effectiveness is measured and communicated.  

One of the two benchmarking reports is designed to help security leads evaluate the benefits of integrating multiple email security solutions. It includes a deep dive into ICES vendors which detect and remediate threats after Microsoft Defender for Office 365. (For completeness, it also runs a deep dive into SEGs, which you can read here.) Microsoft is keen to highlight that these reports are based on real-world threat data rather than synthetic tests, to provide an objective basis for comparison at scale. 

The benchmarks compared environments protected solely by Microsoft Defender for Office 365 with those where additional protection was provided by ICES vendors layered after Defender for Office 365.

The Value Add of ICES Vendors 

The results of Microsoft’s benchmarking data speak for themselves. They show that layering ICES products on top of Defender for Office 365 yields the greatest impact in enhancing the detection of promotional or bulk email, with an average improvement of 20%. For malicious messages and spam across all vendors analysed, the average improvement was 0.30% for malicious catch and 0.51% for spam catch. The benchmark clearly shows that by continuously learning from new threats and adapting its detection algorithms, ICES provides dynamic protection that evolves alongside the threat landscape.

BlueFort’s Partner of Choice – Abnormal Security 

When it comes to ICES, our partner of choice is Abnormal AI. The company was founded by Evan Reiser and Sanjay Jeyakumar, whose previous firm worked out how to leverage AI’s ability to make billions of real-time decisions in AdTech (that company was acquired by Twitter/X). They then founded Abnormal in 2018 to apply their AI learnings to a greater mission: protecting humans from cybercriminals. As an aside, among the 14 vendors in the email security market evaluated by Gartner, Abnormal is positioned furthest for Completeness of Vision. 

An email security trends survey from Abnormal AI found that: 

  • 93% of organisations have switched to a cloud email solution, or plan to do so in the future. 
  • 78% believe that secure email gateways (SEGs) are not capable of protecting modern cloud email environments. 
  • 79% think the native security capabilities of cloud email solutions offer insufficient protection on their own. 
  • 90% agree that a combination of a cloud email provider’s native security capabilities and an integrated cloud email security (ICES) platform can replace a SEG. 

Now admittedly this survey is a couple of years old (2022), but the findings still resonate with discussions that I’m having with CISOs and IT security teams today. Email is still the primary communications platform used by companies and brings with it the widest risk factors.  

There’s no doubt that the adoption of cloud email platforms, accelerated by remote work and digital transformation, has expanded attack surfaces. ICES represents the evolution of email security, addressing the limitations of SEGs and the native security features of cloud email providers.  

Through our partnership with Abnormal AI, we bring cutting-edge behavioural AI security to enterprises of all sizes, helping them defend against the most costly and evasive threats.

If you’re curious to know more, drop me a line for a no-obligation conversation about your email security challenges.
