Making an appointment, sending and receiving bills or requesting information. We all still use email for that. Email has come a long way in the past fifty years and has become a staple of modern business communication tools. Whether as standalone application, a web form, or as an integrated part of a cloud solution such as Microsoft 365 or Google.
The goal of email has remained mostly the same over the years: information is exchanged between parties. In text, as a web form or text with an attachment. This information can be personal, or confidential in another way. It is important for unauthorized persons to (gain) access to this information. That may sound obvious, but it might not always be the case.
Securing cloud solutions
Many organizations use a cloud solution with all kinds of applications that enable collaboration. This calls for well-configured and segmented networks, proper access policy and setting up security organizations use a cloud solution with a variety of applications that enable them to collaborate. This requires well-configured and segmented networks, sound access policies and setting up security functions. Despite the security options included with these cloud solutions, experts agree that these options do not offer protection against all advanced cyber threats.
in February 2023, the analysts in Gartner’s Market Guide for Email Security advised: “[Microsoft and Google’s capabilities] are decent but insufficient for some sophisticated attacks. … Evaluate built-in email security capabilities provided by cloud email systems and augment it with third-party solutions for handling sophisticated attacks.”
We provide a number of reasons why enhancing email security might be a good idea for you: Proofpoint’s State of the phish report shows that Microsoft’s popularity with cybercriminals remains undiminished. With a market share of 88.1% in 2021 (Vendor report by Garner) the potential is huge. That is reflected by the following:
- Of the nearly 1,600 campaigns with regard to brand abuse in 2022, Microsoft is listed at the top as the most commonly abused brand.
- Over 30 million messages in 2022 used Microsoft branding or contained a Microsoft product such as Office or Onedrive.
This means that, once cybercriminals have found a way, they suddenly have got a huge potential reach by using the same system and their own controls.
Cybercriminals more professional
In addition, cybercriminals are becoming increasingly more professional. Phishing emails have moved on from Nigerian prince messages a long time ago. Currently, cybercriminals are using advanced techniques to, for example, obtain multi-factor authentication tokens. Do not however: that does not impact just the email environment. That can put the entire Microsoft 365 environment at risk! After all, most cybercriminals don’t stop once they have gained access to the company directory or the files in SharePoint. That access is only the beginning of attacks in which the eventual consequences are often incalculable. The ransomware attack in many cases start with an employee opening a malicious email or attachment. The deployment of advanced tooling, such as Proofpoint, to detect and mitigate such an attack is an absolute necessity in halting a possible ransomware attack.