Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity News

Protecting the modern cloud environment with cloud email security

By Mike Britton
cloud-security-fp1170x658v05.jpg

Image by biancoblue via Freepik

December 8, 2022

In the past, implementing email security meant integrating a secure email gateway to block emails that were sent from bad domains or included malicious attachments. The organizational infrastructure was likely on-premises, and all of the devices were company-managed, with limited entry and exit points into the network. Of course, business has changed quite a bit since then — especially in the aftermath of the pandemic. 


As companies adapt to a newly distributed workforce, employees are experiencing more freedom which is beneficial in many ways, allowing them to work from wherever they choose and spend more time with their families. But this freedom has also opened your organization up to new attack methods and allowed cybercriminals to take advantage of the altered and oftentimes remote-first work environment. 


The new business world is entirely cloud-based — or at least moving in that direction. Email, particularly, is in the cloud, with most organizations using Google Workspace or Microsoft 365 for email and allowing employees to access it from their personal laptops and mobile phones. In fact, recent research shows that 92% of organizations are either already using cloud email or have plans to do so. This shift has come with increased functionality and productivity, alongside decreased costs, but it also means that the attack surface has expanded exponentially. 


Typical email threats like spam, phishing campaigns, and malware downloads are still prominent, but there is an increasing shift to more sophisticated cloud-based attacks. There are two major trends in attacker strategy: inbound email attacks that use social engineering to complete their scams and email platform attacks that infiltrate email environments. 

 

Inbound Email Attacks are Evolving 

Cyberattacks are becoming more sophisticated every day. We’re seeing an increasing shift to targeted attacks like business email compromise, supply chain fraud, internal account compromise, and more. These socially-engineered attacks rely heavily on human behavior and can manipulate users into providing private data and unauthorized access to valuable financial assets. 


Unfortunately, traditional tools are largely incapable of detecting these attacks because they are text-based and lack traditional indicators of compromise. Without protection, organizations are vulnerable to devastating financial losses, with nearly $2.4 billion lost in 2021 alone, making up 35% of all cybercrime losses. And when it comes to exposed losses, the number has climbed to $43 billion over the past five years. 

 

Email Platform Attacks are Emerging

But in addition to the problem of these increasingly sophisticated inbound email attacks, there is a new category of emerging attacks that target email platforms through new entry points, or side channels. These email platform attacks infiltrate cloud email platforms through indirect channels such as access abuse over a third-party app API, stolen account tokens of a third-party application, over-provisioning of compromised accounts, and more. Take the News Corp attack that occurred earlier this year, for example, where attackers installed an Azure application into the Microsoft 365 tenant, which shipped logs of searches and emails to an external server on a nightly basis. And because the application had direct access to the tenant with zero side effects, it went unnoticed for an entire year!


Unfortunately, this is only one example of what increasingly sophisticated attackers can do — and how they can use these side channels to infiltrate email environments, ultimately causing financial losses, data breaches, and reputational damage. With dozens of new ways in, these emerging platform attacks could be more impactful than inbound email attacks, and they’re just starting to be discussed.

 

Expanding the Definition Of Cloud Email Security 

So what do we do? How do we stop the increasing breadth (and depth) of email attacks? To combat new and evolving cyberattacks, it’s critical that we expand our definition of cloud email security. Modern attacks require a modern solution, and basic inbound email security no longer provides enough protection. 


To protect our organizations from the threats of today and the future, we must invest in AI-based technology. It is only by understanding the normal behavior of every internal and external identity in the cloud ecosystem and taking those behavioral learnings to create relationship graphs that we can create a normal baseline. From there, security tools must be risk-aware, taking these learnings to accurately analyze the risk of every single event and precisely detect anomalies — blocking and remediating those that deviate.


When a cloud-native security tool is in place — one that understands identity, context, and risk — organizations are truly protected from both inbound email threats and email platform attacks. Ensuring that we prioritize that as a security community has never been more important as we work together to stay one step ahead of cybercrime. 

KEYWORDS: cloud security cyber security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Mike Britton is the CISO of Abnormal Security where he leads the information security and privacy programs. He is integral in building and maintaining the customer trust program, performing vendor risk analysis, and protecting the workforce with proactive monitoring of the multi-cloud infrastructure.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cloud icon

    71% of Organizations Cannot Cover the Cloud Environment With Current Tools

    See More
  • Report Says Email Security in the Cloud More Secure, Less Expensive

    See More
  • cloud security

    Security without borders: Protecting cloud apps

    See More

Related Products

See More Products
  • Hospitality-Security.gif

    Hospitality Security: Managing Security in Today's Hotel, Lodging, Entertainment, and Tourism Environment

  • intelligent.jpg

    Intelligent Network Video: Understanding Modern Video Surveillance Systems, Second Edition

  • 1119490936.jpg

    Solving Cyber Risk: Protecting Your Company and Society

See More Products

Events

View AllSubmit An Event
  • July 13, 2011

    NYC Infragard monthly security summit focused on cloud computing and email archiving.

View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!