According to Mimecast’s latest State of Email Security report, 97% of companies have been targeted by email-based phishing attacks — a huge 61% jump from the prior year[1].

With that in mind, Dan Birchall, Account Management, reflects on the importance of combining tried and tested email security solutions with curating a culture of cyber awareness within your business.

How has the risk landscape changed recently?

In today’s tech-centred working world, pretty much everything is interconnected, so any security shortcomings across a company’s entire supply chain can have a devastating domino effect. This was recently seen in the MOVEit data breach, the full impact of which is still being uncovered.

But there is a positive — with high-profile attacks hitting the headlines almost constantly these days, there is a growing awareness that cyber risk isn’t just an IT problem. It’s of critical concern when considering overall business risk, so decisions such as mergers and acquisitions and supply chain partnerships are now being made with cyber risk front of mind.

What role does email play in this?

For cyber criminals, email remains the primary and most effective route of attack. As a result, and as phishing becomes ever more sophisticated, we’re seeing many of our customers consider a breach an inevitability.

And with the rise of AI chatbots such as ChatGPT, the basic poor-spelling-and-grammar giveaway of many phishing attempts is no longer a reliable clue. Now, threat actors can use AI to overcome poor English and send more cohesive emails that are less likely to be caught by spam filters — and by unaware end users.

To counter this, implementing world-class email security measures is imperative as the first line of defence for your business.

What features are important in an email security solution?

Organisations should look for a solution that blocks malware, spam and other threats using advanced spam and phishing detection and targeted threat detection.

On top of this, some tools offer advanced impersonation detection to protect against business email compromise, a sophisticated and often financially significant type of attack based on social engineering instead of malicious URLs or email attachments.

And with threat actors now taking advantage of AI, businesses should also harness its power to enhance their own cyber resilience.

Finally, any solution should be scalable, cloud-based and integrate seamlessly with existing email infrastructure.

What else should organisations be thinking about?

While technology plays a key role in cyber security, the single most important step any organisation can take is to educate and empower its people.

Although many companies deliver some kind of security awareness training to their employees, Mimecast reports that only 18% provide this on an ongoing basis[2] — which is important because the threat landscape is constantly evolving with new risks emerging. And because the goal is behaviour change, a good security awareness programme will be able to quantify this with simulations and metrics to prove its success.

We’ve described this before as building a ‘human firewall’ — the last line of defence. Because when it comes to cyber security, the human element can be your greatest weakness — or your greatest strength.

To find out more about email security and strengthening your cyber security posture, talk to our expert team today on 03330 11 22 55.


[1] State of Email Security Report 2023 – Mimecast

[2] State of Email Security Report 2023 – Mimecast