For teissTalk, host Jenny Radcliffe recently welcomed a panel of cybersecurity experts to answer the question: why do we still see email security as only a perimeter problem? For this session, Jenny was joined by:
- Fahim Afghan, Senior Product Marketing Manager at Egress
- Benjamin Corll, VP of Cybersecurity and Data Protection at Coats
- Vlad Brodsky, CISO at OTC Markets Group
- Edward Tucker, CISO and Co-Founder of Email Auth, Byte and Human Firewall
In case you couldn’t make it, we’ve recapped the key points of the discussion below.
Email is the go-to communication tool for many, particularly during remote working. In fact, Egress research found that 85 per cent of employees say they’re using email more since they started working from home due to the pandemic. Traditionally, security software has been deployed at the perimeter, but this approach no longer provides adequate protection for email users in 2021.
Employees are communicating digitally more than ever before, specifically using email, and as a result the threat landscape has changed.
With the surge in email volumes caused by remote working, the risk of outbound email data breaches has grown accordingly. The Egress research found that 60 per cent of remote employees are working from environments where interruptions and distractions are common, increasing the risk that a mistake might be made, such as sending an email to the wrong recipient or attaching the wrong file. It’s no surprise the research found that 68 per cent of IT leaders believe that remote and flexible working will make it more difficult to prevent outbound email data breaches in the future.
In addition to accidental breaches, employees also sometimes intentionally “break the rules” when using email. Often this isn’t done with malicious intent – employees are busy, and sometimes they cut security corners to get their jobs done. Such employees might, in an effort to save time, send a sensitive file via plain text email, rather than via an email encryption tool they know their recipient won’t want to use.
People are also vulnerable to targeted phishing attacks, and although these originate externally, they rely on employee error to be successful. Increasingly, the most targeted and damaging of these attacks are too sophisticated to be detected by perimeter technology and therefore rely on employees to detect when there’s a threat.
More than ever, we need to consider ‘human layer security’ in addition to the ‘network layer security’ that includes the external perimeter. This human layer needs to be supported with the right technology, one that enables employees to do their job securely without negatively impacting productivity. To mitigate insider risk on email, organisations must adopt technology that takes employees’ behaviour and the context in which they’re working into consideration. The answer here is machine learning, which understands how individual employees use email day to day and identifies abnormal behaviour when it occurs, mitigating the risk of data loss via email.
If you’d like to see the webinar in full, you can watch a recording here.