The network effect and the search for resilient email security
Article by Trustwave senior director of product engineering Graeme Slogrove.
‘Email is dead. It’s a thing of the past.’
In the IT industry, this statement, or something like it, is said on a regular basis, usually corresponding with the rise of a new communication or collaboration platform. Each time it happens, it’s prudent to remember a general rule around tools: as long as they retain specific advantages for the human beings using them, they generally endure.
Why email is here to stay
Email has many such advantages, so it’s not going anywhere. Perhaps email’s greatest advantage is allowing the user to experience ‘pull’ communications in a world of near-constant ‘push’ notifications.
Increasingly, this means the user regains autonomy in deciding when to engage. In fact, with a renewed emphasis on work-life balance, this original email characteristic makes it seem new again.
Email is also superbly linear, permitting easy access to an instantly organised trail of information between parties which supports efficiency and follow-up. It comes with a deeply familiar user experience.
Not only is email everywhere, but it is ‘built-in’ to our lives as a required mode of communication for too many activities to name. In this sense, the network effect means email has way too many endpoints to die anytime soon.
Even as some consumers back away from regular email use, it’s not a complete withdrawal. What’s easier — having a receipt texted to a phone where users need to dig for it at some later date, or emailed directly into what is effectively already a filing system?
All of these advantages also have consequences for cybersecurity.
How familiarity breeds security invisibility
Unfortunately, this ubiquity has also covered email in a kind of invisibility cloak regarding cybersecurity. At the best of times, most people struggle to conceptualise the threats to data and operations that good cybersecurity protects against. Digital holes punched in systems by hackers are not as vivid as a broken window or a broken lock on a filing cabinet, even though the amount of material taken could be orders of magnitude greater.
The challenge is even more significant with email, with its years of stored correspondence and gigabytes of granular information that can be monitored and exploited by patient bad actors. As a result, organisations often don’t consider email as part of the security infrastructure as they should.
This leads to missing a critical component of email security: the need to accurately apply intelligence via advanced email protection to ensure business information is not lost or hacked.
The unique network effects of email
Email is an information and workflow system. For this reason, effective email security can’t be achieved without understanding user and organisational needs. Unfortunately, no magic tech bullets can replace a security approach that fits hand-in-glove with how a particular organisation uses email.
For example, helping the user organise inbound emails through smart categorisation and routing reduces the risk of a successful phishing attack. In addition, reducing volume increases an individual’s ability to vet threats in those rare, but vital, moments when something bad slips past the screening technology.
Given this network effect, no company is a boilerplate implementation, and email security is not ‘set and forget’. Even a small error in threat detection can lead to a poor outcome. Don’t underestimate the continuing need for end-user email security awareness and the ability to detect a phishing attack.
The secret sauce of email security
Resilient cybersecurity requires effective email security, and effective email security requires a constant engagement between the very latest threat intelligence and the email security system itself.
The email security product must be a critical player in the continual evolution of threat knowledge. It must also be part of a multi-layered security architecture, a multi-faceted product that synergises its proprietary advantages with the advantages of other security products.
The secret sauce must be a multi-disciplinary threat-hunting team standing behind the product, capable of deep-diving into novel threat samples and then providing those findings to the team that incorporates them into the email defence.
However, this kind of comprehensive global threat intelligence sharing becomes the secret sauce when it is assimilated into defences at speed. Email security solutions should apply threat data in real time to drive an organisation’s security posture forward.
Where’s it all going?
It’s worth remembering that the fundamentals of email security revolve around whether it can be appropriately customised to balance everyday, practical use with risk reduction.
The application of scored heuristic traits, optimised by machine learning, can maximise detection and minimise false positives. Yet, the flexibility to create an organisation’s own rules and apply business logic can equally work to protect the business from email compromise.
Making email work as a communication tool requires an ability to fine-tune security settings so that workflow isn’t interrupted. So while AI and ML solutions will help bolster email security by adding screening capabilities based on behavioural learnings, this will need to be accompanied by unique security parameters as they relate to business operations.
Here’s to a future of secure email and secure organisations.