• About
  • Subscribe
  • Contact
Friday, May 9, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Technology Security

Reframing email security strategies for 2023

Allan Tan by Allan Tan
November 16, 2022
Photo by Maksim Goncharenok from Pexels: https://www.pexels.com/photo/gold-letter-y-on-black-background-5605061/

Photo by Maksim Goncharenok from Pexels: https://www.pexels.com/photo/gold-letter-y-on-black-background-5605061/

The Australian Government’s Annual Cyber Threat Report 2022 reported that losses from business compromised email (BEC) scams are up 21% from the previous year, reaching A$98 million, with the national average loss per successful BEC exceeding A$64,000. The report noted that “despite the best efforts of law enforcement agencies, only a small fraction of BEC financial losses are ever recovered.”

A business email compromise is a form of phishing attack where a criminal attempts to trick a senior executive (or budget holder) into transferring funds or revealing sensitive information. Because BECs are often sent to a target, the message may look legitimate.

ResearchAndMarkets.com estimates the global BEC market – organisations offering solutions to combat BEC – will reach US$1.1 billion in 2022, and more than double to US$2.8 billion by 2027.

The firm says the use of free, open-source, and pirated email security software and the high cost associated with the deployment of BEC solutions are expected to hinder the market growth.

So, what else is new? FutureCIO reached out to Sundaresan Kanappan, vice president of high growth technologies for Tech Data Asia Pacific & Japan, on how emails continue to be one of the most popular vectors of attack.

Emails have been around since the 1970s. Given the many other ways to communicate with others, why do emails continue to be popular as a business communication tool?
Sundaresan Kannappan

Sundaresan Kanappan: Today, with the easy availability of numerous applications, there is an increasing shift towards apps which provide convenience via collaboration and messaging options.

However, email is ubiquitous and is essentially a standard communication format that is widely used and accepted by the virtue of it having almost zero barriers to entry and its reach. Email permits elaborate and detailed communication, which is difficult in applications. Moreover, emails are now accepted as legal documents on many occasions.

Another reason why emails are still popular is the accessibility aspect since emails do not require VPN (virtual private network) or workplace access. Emails are also evolving with new functionality — such as collaborative emails — to keep up with current needs.

We anticipate that email will continue to be popular and that security solutions will continue to mature and provide the depth and breadth of functionality that security teams require.

From a security and privacy perspective, are most organisations in Asia observing best practices when it comes to email use?

Sundaresan Kanappan: Organisations are becoming more aware of the risks associated with email security and privacy but there still is a long way to go since a piecemeal approach to security will never work.

One of the key issues we see is that due to the overuse of emails, exposure levels are increasing. On average, everyone receives about 100 emails per day, with 300 billion emails sent and received globally, daily.

Implementing strong email defences is paramount – this will allow organisations to stop malware threats and tackle phishing emails. Having a secure email gateway whether deployed as cloud services, on-premises or through a hybrid model will be effective in tackling spam, graymail or other harmful emails.

It is important for organisations to have their emails encrypted, encourage better password management practices, use two-factor authentication, implement endpoint anti-virus protection across all work devices and most importantly educate employees about phishing, ransomware, CEO Fraud and Business Email Compromise (BEC) red flags.

Security management for emails is also a complex activity in today’s world and organisations are forced to use many tools to secure email communications.

Per Osterman Research, organisations remain vulnerable to breaches through email. Despite all the technologies and expertise available today, including claims of protection by cloud service providers, why do email attacks persist and why are success rates high?
Types of security incidents that have occurred during the previous 12 months (percentage of respondents)
Source: Osterman Research 2021

Sundaresan Kanappan: Lack of cybersecurity awareness is one of the key accelerators of persistence in email attacks. Unprotected endpoints are also a major security concern with remote working becoming more common, since the employees’ computers may not be consistently protected by an organisation’s perimeter-based defences, leaving them more vulnerable to cyber threats.

Based on our observation, what’s needed is to drive awareness and the right adoption and implementation of technologies. Given the lack of cybersecurity skills about the technical skills possessed by domain experts, there needs to be a strong focus on developing skills.

Conducting effective security awareness training is an ideal way to guard against email attacks and other cyber threats.

This is where a Centre of Excellence (CoE) can play a vital role, bringing together experts from different disciplines through a shared facility which provides training and further enablement opportunities for customers.

A CoE which is well-established can help partners enhance their skills, optimise their operations, and increase their speed to market so they can capture new business opportunities.

What are contributing factors to this success rate in terms of breaches via email?

Sundaresan Kanappan: Today, attackers are coming up with innovative ways of using email-based cyberattacks, given the growing technology use across organisations and that emails have become essential to business communications.

In fact, based on MailGuard’s research, email is the number one vector for cyberattacks, with 91% of them starting with an email. According to IBM’s Cost of a Data Breach Report 2022, the global average cost of a breach is now US$4.35 million.

Security vendors keep harping on the importance of layered approaches to security. Can vendors guarantee that with a layered approach, even a multi-layered approach, breaches via email can be significantly reduced to near zero?

Sundaresan Kannappan: There is no single, standalone security measure that will guarantee the reduction of data breaches via email to near zero. This is as the nature of the industry means that new, sophisticated, and targeted attacks are being created every day. As breaches can come from legitimate but compromised accounts, or even from a vendor, stopping every threat is impossible. 

What businesses need to do is deploy a multi-layered security stack to keep their ICT infrastructure and assets fully protected.  Gartner predicts that by 2024, organisations that adopt a “cybersecurity mesh” architecture will reduce the financial impact of individual security incidents by an average of 90%. This shows that while cybersecurity can be enhanced, it is challenging to achieve a reduction to near zero.

The final aspect of security is the human factor – where mindsets and behaviours around security need to be continuously improved via education and awareness. This combination of technology with behaviours is probably our best bet in realising near-zero incidents. 

Can and should vendors take responsibility for successful breaches under their watch?

Sundaresan Kanappan: There is a general belief among IT professionals, that vendors are well-informed in managing all areas of their cloud-based email services, whether it is compliance requirements or security. This misunderstanding leads to major gaps in cloud compliance and security coverage when those IT professionals don’t manage their end of the collective responsibility model.

As such, a collective approach is the best way forward, by being aware and acting on the various elements of one’s responsibility, be it an end-user, IT professional or vendor.

Going forward, how should CIOs/CISOs reframe their email security strategy to further improve the protection of users and the company?

Sundaresan Kanappan: A best practice is to adopt a multi-layered approach to email security, as no single vendor can defend against every threat. As such, if a business is using Microsoft 365, even with Defender, they should still deploy an additional specialist layer of email security to enhance their protection. Experts refer to this as a “defence-in-depth” approach.

Additionally, businesses must take a holistic approach to their email security, like password management and best practices, mandating multi-factor authentication, and investing in cyber awareness training for their workforce.

Related:  Qualities of fast-growth cybersecurity partners
Tags: Business Email CompromiseGartnerOsterman ResearchTech Data
Allan Tan

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

No Result
View All Result

Recent Posts

  • ARTHALAND chooses OutSystems to advance real estate sustainability
  • Experts warn against AI-powered deepfake impersonation scams
  • Dropbox updates universal search and knowledge management product
  • Agentic AI-powered AppSec platform launched for the AI era
  • IDC forecasts GenAI alone will grow at a 59.2% CAGR

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe