Email is undergoing a fundamental transformation as organizations worldwide shift more office productivity and business applications to the cloud. With around 95%1 of the Fortune 500 using Office 365, Microsoft arguably leads this movement.
But for all of its convenience and utility, email has always been highly vulnerable to cyberattacks on multiple fronts, providing fertile grounds for the email security market to grow at an estimated 22% annually, putting it on track to reach around $18B by 20232. Organizations are spending billions to secure their email, but is all that money being invested wisely?
The secure email gateway (SEG) represents a sizable chunk of that spend. Unfortunately the SEG is no match for modern identity-based attacks that easily evade signature-based detection. As a point of proof—today around 94% of data breaches originate from email3 not to mention countless fraud losses from schemes including spear phishing, executive and vendor impersonation, ransomware, and account takeovers.
Recognizing that email security is an organizational priority, about 60% of large organizations will have comprehensive security awareness training in place by 20224. But, as security training becomes the norm, SOC teams already dealing with an overall cybersecurity skills shortage are becoming inundated with employee-reported phishing incidents—of which around 68% globally are ultimately determined to be false positives5.
The email security market will grow an estimated 22% annually, putting it on track to reach around $18B by 2023
As they migrate to Office 365, more organizations are recognizing that current investments in email security and incident response deserve a closer look. While legacy email security vendors continue to shore up the secure email gateway and the financial annuity it represents to them, more organizations are embracing the reality that current email security architectures are fundamentally inadequate.
Cloud-first organizations are ditching the SEG and taking advantage of the enriched security features in Microsoft Office 365 and the new Secure Email Cloud architecture, a combined solution designed to stop malicious email attacks that often come without malware or other recognizable payloads. They have found that the SEG impedes the native security controls of Office 365 by obscuring the email header and feedback loop. By removing the SEG, they have improved security, reduced costs and enabled business agility.
This new approach blocks not only traditional spam, virus, and malware, but also the next generation of identity deception attacks. It secures the corporate sending domain from unauthorized use. And, in a significant departure from legacy security controls, it detects threats moving laterally across the organization and remediates newly identified threats that have made it to the inbox by evading initial detection or that weaponized post-delivery.
More organizations are embracing the reality that current email security architectures are fundamentally inadequate
1. Microsoft CEO Satsa Nadella’s 6 Key Statements at Inspire 2019
2. Email Security Market Work US $18 Billion by 2023 at 22% CAGR…
3. Agari Research
4. Gartner Magic Quadrant for Security Awareness Computer-Based Training
5. Agari Q4’19 Email Fraud and Identity Deception Trends Report