The Biggest Email Security Challenge Facing Organizations Today

By Lorita Ba

A 20-year veteran of the tech industry, Lorita Ba currently serves as head of marketing at GreatHorn. Ba has spent her career working at early- and mid-stage technology companies that help enterprises undergoing architectural shifts in data management, infrastructure and security. Most recently, she served as Interim Head of Marketing at NuoDB, where she was responsible for the strategy and execution of a comprehensive marketing strategy for NuoDB’s elastic SQL database.

September 14, 2018

Email is the single most effective and commonplace way of reaching someone in the business world today. Even as other methods of digital communication have come and gone over its 40-year history, email remains the backbone of business communications with 3.7 billion users worldwide collectively sending 269 billion messages every day.

But email’s ubiquity and popularity come at a price: vulnerability. With the growing prevalence and success of targeted social engineering attacks, email continues to be a shockingly easy entry point for cybercriminals. In fact, the FBI’s 2017 Internet Crime Report indicates that business email compromise and phishing drive 48 percent of ALL internet crime-driven financial loss – more than all other business-related internet crime combined. Depending on their form, these targeted attacks are called by a number of names – spear phishing, business email compromise, impersonation, credential theft, etc. – and have a disproportionately large impact on an organization: attackers gain access to confidential information and intellectual property and, in many circumstances, move east-west from email into core backend systems that contain customer data or even financial access.

 

The Primary Email Security Challenge: Trust

Email security is a nuanced problem that lacks a silver bullet. This is because phishing preys on human psychology rather than technological vulnerabilities. At its core, the real challenge enterprises must overcome to protect themselves from email threats is users’ inherent trust in corporate email. This isn’t to say (as it might be easy to assume) that “users are the problem”; rather, it is symptomatic of a larger issue – that of the necessary balance between security and business operations.

According to a recent survey, there is a stark difference between the average worker’s perception of email-based threats within the enterprise and that of email security personnel. Only 34 percent of users without email security responsibility recall seeing email-based attacks in their inboxes, compared to 85 percent of email security professionals. While two-thirds of non-security workers claim to never see any email threats besides spam, 56 percent of security professionals see email-based attacks beyond spam on at least a weekly basis. These attacks include impersonations, wire transfer requests, W2 requests, payload attacks/malware, business services spoofing and credential theft.

This finding means one of two things: Either that the majority of professionals mistakenly believe that their work email systems are inherently secure or that they are lumping all “unwanted” email into the single category of “spam” regardless of whether it technically meets that definition. This dismissal of such threats within corporate email isn’t a result of thoughtless negligence – it’s due principally to a focus on business efficiency and operations. The average non-technical worker uses email as a tool to accomplish their job. The volume of email that comes through without threat, in fact, works against security in this instance because it lulls such workers into a false sense of confidence in the medium. The result is a high susceptibility to phishing and social engineering attacks, especially as those attacks become more sophisticated. Human error often plays a role in successful breaches, and no amount of periodic security awareness training will eliminate that.

With today’s complex IT ecosystem – spanning both company- and employee-owned tablets, phones, work laptops and home computers – email access is ubiquitous. This means people can constantly refresh and check for updates 24 hours a day, seven days a week, no matter where they are or what they’re doing. The pervasiveness of email and the always-on nature of modern work mean employees are likely checking email every waking hour – if not more – and the intense cognitive load this places on them can prevent them from carefully considering each email and its legitimacy before taking action on or responding to a request. A distracted employee coupled with a convincing email from a seemingly trusted sender allows scammers to easily exploit socially engineered trust so that the targeted employee voluntarily transfers money, personally identifiable information, or confidential and proprietary information.

 

Impersonations are Phishers’ Weapon of Choice

Overall, nearly half (46 percent) of all respondents from a GreatHorn survey see executive, internal or external impersonations, with that number jumping to 64 percent among email security professionals. Business services spoofing was the second most prevalent email threat professionals experience (42 percent), followed by wire transfers (39 percent), credential theft (34 percent) and payload/malware (33 percent).

When the data is broken down by company size, the prevalence of threats is roughly the same, with companies with fewer than 500 employees seeing slightly higher incidences of wire transfer requests, payload/malware attacks, and credential theft scams. Meanwhile, companies with more than 500 employees were more likely to see executive impersonations and W2 scams.

 

Email Security is Not Just a Phishing Problem

While phishing is certainly the most pervasive attack, it’s not just ultra-sophisticated and personalized attacks that reach workers. One-third of email security professionals report that payload attacks (e.g. malicious/suspicious attachments or links) are still making it through their cybersecurity defenses, despite being arguably the most heavily guarded-against threats.

These basic attacks continue to be successful because organizations have traditionally relied on technologies like secure email gateways (SEGs) to protect email – in fact, 53 percent of respondents report using SEGs to guard against email threats. SEGs were designed to operate at the perimeter, using a binary good/bad model. Prior to cloud email platforms like Office 365 and Google G Suite, this model, which first came into the market in the late 1990s, was moderately successful for spotting malware. Today’s modern, cloud-based infrastructure, however, requires a continuous protection model that can spot highly targeted spear phishing campaigns as well as general malware, and provides a mechanism for re-evaluating and remediating email as new threats emerge.

With traditional technical solutions from a bygone era, it’s no surprise that 40 percent of respondents report they need to routinely take significant remediation actions to counter basic attacks that get through their email security solution. Nearly two-thirds indicate experiencing major technical issues with their existing security solution. For example, 19 percent report that they have weak or no remediation capabilities if an email threat reaches an end user, and 21 percent believe their solution negatively impacts business operations (e.g. too many false-positives).

 

Managing Email-Based Threats in Today’s Modern World

These findings indicate that the threat surface is growing. While cybercriminals are becoming more sophisticated, organizations continue to rely on outdated, perimeter-based approaches to blocking threats. These solutions are designed to stop the flow of unwanted mail from entering the corporate infrastructure at a single point in time. However, these gateway-based tools are inadequate for detecting attacks that rely on social engineering tactics to fool employees – like the impersonations, wire transfer requests, W2 requests and business services spoofing that the majority of security professionals report seeing on a weekly basis – and many bypass the perimeter unnoticed.

Sadly, visibility is severely lacking within most of today’s enterprises, and it’s unrealistic for security teams to secure something they can’t see. Organizations looking to defend their teams need an email security solution that takes a much more nuanced approach to email security. By evaluating different threat vectors and comparing emails against expected patterns of communication, automated email security tools can be much more effective at providing the comprehensive post-delivery protection against targeted email attacks that traditional email security technologies cannot provide. Such tools correlate deep learning and metadata information – such as geolocation data, relationship strength between sender and recipient, organizational who-knows-whom information, and frequency of contact – to determine whether an individual message is an attempt to deceive an organization’s employees.
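The relationship-based check described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor's product: it uses only two of the signals named (relationship strength and frequency of contact) and flags a display name that matches a known contact but arrives from an address that contact has never used. The history records, names, addresses and the `min_contacts` threshold are constructed for illustration.

```python
from collections import Counter
from email.utils import parseaddr

# Constructed delivery history (From header, recipient); not real data.
HISTORY = [
    ("Dana Reyes <dana.reyes@example.com>", "pat@example.com"),
    ("Dana Reyes <dana.reyes@example.com>", "pat@example.com"),
    ("Dana Reyes <dana.reyes@example.com>", "pat@example.com"),
    ("Dana Reyes <dana.reyes@example.com>", "lee@example.com"),
    ("Billing <billing@supplier.test>", "pat@example.com"),
]


def _norm(name):
    """Case- and whitespace-insensitive form of a display name."""
    return " ".join(name.lower().split())


def build_profile(history):
    """Return (contact counts per sender/recipient pair,
    display name -> set of addresses that have used it)."""
    counts = Counter()
    names = {}
    for from_header, rcpt in history:
        name, addr = parseaddr(from_header)
        addr = addr.lower()
        counts[(addr, rcpt.lower())] += 1
        if name:
            names.setdefault(_norm(name), set()).add(addr)
    return counts, names


def assess(from_header, rcpt, profile, min_contacts=3):
    """Compare one inbound message against the expected communication pattern."""
    counts, names = profile
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    strength = counts[(addr, rcpt.lower())]   # frequency of prior contact
    known = names.get(_norm(name), set())     # addresses seen with this name
    if known and addr not in known:
        verdict = "impersonation-suspect"     # familiar name, unfamiliar address
    elif strength == 0:
        verdict = "first-contact"
    elif strength < min_contacts:
        verdict = "weak-relationship"
    else:
        verdict = "expected"
    return {"sender": addr, "strength": strength, "verdict": verdict}


if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for hdr in ("Dana Reyes <dana.reyes@example.com>",
                "Dana  REYES <dana.reyes@mail-example.test>",
                "New Vendor <sales@vendor.test>"):
        print(hdr, "->", assess(hdr, "pat@example.com", profile))
```

A verdict other than "expected" is a signal for review or a user-facing warning, not proof of an attack; first contact from a new vendor is routine.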

With this increased visibility, an enterprise can look at every message, every security incident, and every social connection point between employees, external vendors, customers and trusted contacts to programmatically identify email-based threats and alert security teams to a potential attack. This contextual analysis drives down time-to-detection response drastically and allows teams to address threats in real time. In addition, automation detects patterns that these teams might otherwise miss by continuously evolving user and organizational profiling.

As cybercriminals continue to launch increasingly advanced attacks, email security must be a top priority for all businesses. Automating detection, remediation and post-delivery incident response allows organizations to protect their people from today’s sophisticated email threats with much more success and efficiency than ever before.



KEYWORDS: cybercrime email security hackers phishing security education
