How Do You Know Your Email Security Is Working?

by Duncan Mills

When was the last time you assessed the effectiveness of your email security?

Email is the main vehicle for introducing malware into an organization, so it is imperative that you do so. Here at Cyren we know how eye-opening such an evaluation can be, because during September and October, we conducted such email security "gap analysis" tests for a number of organizations, and found that, after scanning by the in-place security solution, an average 10.5% of email reaching these companies' users was spam or contained a phishing or malware threat.

How to find out: Gap Analysis

Cyren has been helping organizations assess their email security in the only way that is effective—real-life, live testing—and we’ve now expanded the availability of the free service. The Cyren Email Security Gap Analysis assessment is a non-intrusive mechanism for evaluating an existing email security infrastructure. Recently, we ran Gap Analysis assessments with a number of companies and processed a total of 11.7 million emails. These had all been scanned by the in-place email security solution, considered clean and delivered to users. We found that 10.2% were spam, which is an annoyance for users, but of greater concern was the number of phishing (34,143 emails) and malware threats (5,039 emails) reaching users. Even though only a small percentage of total email delivered, considering the tremendous volume of email at any organization, having hundreds or thousands of malicious emails getting through is not an acceptable risk. 

We’ve made available a full report with aggregated email security assessment results for September and October, or feel free to visit our Gap Analysis web page or download our Gap Analysis data sheet for more information on having your own test done.

“I don’t have a problem”

Many IT security professionals assume their email security is performing perfectly, until a user reports that he has received a phishing email or his endpoint protection has detected a threat. Worse, of course, is when your security incident and event management (SIEM), endpoint detection and response (EDR) or data loss prevention (DLP) solutions alert you that your network has been breached. That is if you are lucky enough to have the budget for this type of defense-in-depth, and the people to make sense of all the alerts and respond to them.

Assuming that your email security is just fine, because an attack has not been discovered, is not a viable strategy – you have probably seen the statistics that indicate that 25% of breaches remain undiscovered for a month, during which time the bad guys are helping themselves to your sensitive data.

Is the email security industry doing enough to protect organizations, their employees and information, or have many of the players in this space become complacent? Recent successful, high-profile ransomware attacks suggest the latter, but how did we get here?

Email security got "commodotized" and industry lost focus

Just over a decade ago, the email security industry was growing, buoyant and ready for a spate of acquisitions. Larger information security vendors, wanting to broaden their portfolios, acquired many of the appliance and SaaS companies.

The major change in the industry came when, to add protection to their services, the largest hosted email providers acquired some of the larger email security SaaS providers. They integrated the technologies, and because of the scale of these businesses, they were able to offer the security element at a fraction of the then-current market price. The upshot was that email security quickly became a commodity.

Around the same time, email threats were well understood and under control, so vendors, no longer able to realize much of a monetary return from email security, moved their innovation efforts and R&D budget elsewhere. Many security vendors shifted focus to other, higher growth security technologies, and the few remaining pure-play email security SaaS companies switched to complementary higher-value services, such as email archiving.

Paying the price for lack of security investment

This brings us back to present day, where this lack of investment is obvious. The world has changed and cyber criminals have found easy, low-risk ways of monetizing attacks through ransomware and phishing.  Every week there are reports of another successful attack, and these are just the ones that are discovered and reported. The malware authors and attackers are constantly evolving their evasion techniques to try to beat even the most sophisticated defenses, and traditional email security infrastructures have been struggling to keep up—with evident consequences.


 Want to learn more about cloud-based email security and archiving? Contact us here!

Go back