By David Finger, Senior Director
Product Marketing at Fortinet
I have the opportunity on a weekly basis to speak with organizations who come through our Executive Briefing Center. They share information about their strategic business and security initiatives while learning about our corporate vision and ways we are helping customers with similar challenges to those they face.
‘Many times their stated interest is cloud, sometimes segmentation, and other times security operations. Without a question, these are important (and hot) topics, but I always try to carve out a little bit of time to talk about email security, and here’s why.and
Industry Data Shows Email is a Top Attack Vector
If you read the recent 2019 Data Breach Investigation Report from Verizon, you will notice that 94% of malware was delivered via email, and that the top cybercriminal action leading to a breach was phishing.
In fact, FortiGuard Labs routinely finds new phishing campaigns rising to the fore, such as this new version of Hawkeye that recently hit our weekly threat intelligence newsletter and blog.
But it’s not just malicious files or URLs in email that represent a risk. According to the FBI, over a two year period Business Email Compromise exposed victims to an estimated loss of $3.3bn. And the U.S. Department of Justice recently filed suit against a cybercriminal alleged to have stolen $100m using that type of fraud.
Email is Moving to the Cloud
Whether your organization uses Microsoft Office 365, Google G-Suite, or another cloud-based email provider, email infrastructure is moving off-premises and into the cloud to be managed by someone else. This makes perfect sense given the maturity of email systems and increasing IT focus on other high-value aspects of digital transformation.
However, outsourcing email infrastructure doesn’t necessarily mean you should outsource email security. Given the industry data above, this is a very important question for each organization to answer in relation to their unique appetite for risk.
Leading Industry Analysts Assert You Must Re-Assess Email Security Architecture
In fact, more recently, Gartner published their Market Guide for Email Security and asserted that “Security and risk management (SRM) leaders must revisit their organizations’ email security architecture in the light of current email threats, such as sophisticated malware, links to exploit kits, credential phishing and BEC.”1
This Market Guide states “the following capabilities can be used as primary differentiators and selection criteria for email security products:
- To Protect Against Attachment-Based Advanced Threats: Network Sandbox and Content Disarm and Reconstruction
- To Protect Against URL-Based Advanced Threats: URL Rewriting and Time-of-Click Analysis and Web Isolation Services
- To Protect Against Impersonation and Social Engineering Tactics Used in URL-Based, Attachment-Based and Payloadless Advanced Threats: Display Name Spoof Detection, Domain-Based Message Authentication, Reporting and Conformance on Inbound Email, Lookalike Domain Detection, and Anomaly Detection.”
(Side note: we are proud to have been listed among the Representative Vendors for Global SEGs in Gartner’s 2019 Market Guide for Email Security.)
To recap, sources have identified email-based malware, phishing, and BEC as costly – and often, the top – cybercriminal actions. For those organizations rapidly moving to cloud-based email systems, this issue remains, and just as with their tradition email solutions, they will still need to ascertain whether the native email security is sufficient. Additionally, leading analysts assert that every organization must re-assess their email security architecture.
Given this information, it seems pretty clear to me what we all should include among our 2019 security projects.
Find out about Fortinet’s FortiMail Cloud email security solution, and how it works to protect your critical data from being compromised in a breach.
*1: Gartner, “Market Guide for Email Security,” Neil Wynne, Peter Firstbrook, 6 June 2019.
*Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
- Read our blog to learn more about the benefits of FortiWeb Cloud WAF-as-a-Service.
- Test drive a live demo and try FortiWeb Cloud WAF-as-a-Service for free for 14 days.
- Purchase FortiWeb Cloud WAF-as-a-Service on AWS Marketplace.
- Learn more about FortiWeb, Fortinet’s solution for web applications and API Protection (WAAP).
- Learn more about FortiGuard Labs and the FortiGuard Security Services portfolio.
- Read more about Fortinet’s Network Security Expert program, Network Security Academy program, and FortiVets program.
- Follow Fortinet on Twitter, , Facebook, YouTube, and .
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 400,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.