Why do we continue to rely on the 'weakest link' to protect our organizations' email?
Email security continues to be a top concern of organizations, with 94 percent of all cyber attacks being delivered through email. As the most frequently used communication channel across all industries -- no wonder threat actors love exploiting it!
The conventional approach to email security is failing. Our latest research found that an average of 75 malicious messages per 100 mailboxes slip past traditional email security filters every month. Consequently, organizations put employees through countless hours of security training with hopes they spot and report these threats to security operations centers. The so-called Human Firewall.
However, the human firewall approach is ineffective. Firstly, firewalls are programmed to make the same decision over and over, at scale. Humans are not. Our decision-making abilities degrade due to stress, fatigue, and distractions. Secondly, the employee landscape is constantly changing, meaning the effectiveness of training programs ebb and flow. Finally, workflows that rely on end-users to report suspicious emails produce an overwhelming volume of alerts. Security teams monitor and respond to hundreds of these alerts every day, many of which are false positives, leading to a lower detection rate and reduced productivity.
A human-led approach will always be the 'weakest link' in email security, so what’s the alternative?
Moving beyond threat prevention
We must accept that employees will always be the target of email attacks, and some will reach inboxes undetected. The faster and more accurately these threats are detected in the mailboxes, the faster they can be remedied.
However, relying on end users and security analysts to detect and respond to each threat is not only time-consuming, but costly. We calculated that human-led threat detection costs organizations an average of $82,413 per year per 1,000 email users. The cost does not include the thousands of hours employees spend participating in security training.
Instead, we must implement threat detection tools focused on post-delivery inspection rather than filtering. Coupling this detection approach with automated removal of malicious messages helps organizations detect and eliminate threats in real-time across all inboxes. Our research found that automated solutions, using methods like natural language processing, user entity behavior analytics, and real-time content analysis, detect 99 percent of confirmed inbox threats in real-time. The mean time to respond (MTTR) is also significantly lower for automated solutions.
What’s more, an automated approach removes the burden on the security teams and reduces operational costs for organizations who no longer need a dedicated email security team.
Establishing effective email security
Organizations should also elevate security training by giving users tools to scan suspicious messages and providing smarter warnings than just, "This email was sent by an external sender." Instead of relying on employees to spot all the threats that slip past the perimeter, engage them for initial analysis of suspicious messages. This approach is proven to more efficiently classify the small percentage of messages that are false negatives or otherwise unclassifiable (read: suspicious).
Organizations can also outsource email threat hunting responsibilities to external incident response teams. Saving companies the cost of employing an in-house team, we also found outsourced teams almost three times faster at investigating and eliminating threats than in-house teams.
Combining these approaches with automated detection solutions helps organizations to reduce their exposure to targeted email threats and reduce the operational costs of their defenses.
Mike Fleck is Senior Director, Sales Engineering at Cyren.