We all evolve, industries evolve, systems and technology evolve. Email protection solutions have shown significant improvements over years.
Getting access to a computer and creating an email address was just fun and often thought of as a privilege, the birth of emails and basic email protection happened during 1971 but for me, the use of email came in late in the 90’s.
The invention of DNS, the common use of TCP/IP and the popularity of email caused an explosion of activity on the internet. Between 1986 and 1987, the network grew from 2,000 hosts to 30,000. People were using the internet to send messages to each other, read news and swap files.
As email became a widespread communication tool, spam emerged as a significant issue. Email users had no clue about spam emails and its associated risks. Early spam filters were introduced to detect unsolicited emails based on simple keywords and patterns. Basic tools began scanning emails for viruses, SMTP was standardized but it lacked robust security measures, leading to issues like email spoofing. The lack of sender authentication led to a rise in email spoofing and identity theft. Early 2000, there was a rise of sophisticated threats, phishing became a prevalent threat and email was consistently used as an attack vector for spreading malware and ransomware.
"Breaches caused by phishing took the third longest mean time to identify and contain at 295 days."
IBM’s Data Breach Report
Back in the days, email and email security was handled by the IT Back-office teams, organizations such as Microsoft learned about the threats and began building security features with Microsoft Exchange. There has been a lot of development and changes to what Exchange can offer today.
Microsoft has announced the deprecation of Basic Authentication for Outlook personal email accounts, effective from September 16, 2024. This move enhances security for consumer customers; also starting September 16th, Microsoft personal email account users (e.g. Outlook.com, Hotmail.com, Live.com) will need to move to Modern Authentication methods in their email application. These will be necessary for all Outlook users.
While Basic Auth was the standard for quite some time, it also made it easier for bad actors to capture a person’s login information. This increased the risk of those stolen credentials being reused to gain access to a person’s email or personal data. Email-based cyberattacks have only increased with time, so we are requiring modern authentication for all Outlook customers to better help protect their personal accounts.
With Modern Authentication methods we apply additional backend processes/tokens that users may not notice to add an extra layer of security. Anyone who is attempting to use an application which does not support modern authentication will no longer be able to access their Outlook.com, Hotmail or Live.com email from those applications.
Traditional email monitoring, improving detection for Business email compromise, and enabling office ATP is helping to safeguard against these attacks.
Third party point products that offer secured email gateway and email encryption is still the norm for many organizations. When you implement these email security products, ensure that they integrate with other security products within the landscape and help you use the shared intelligence.
“Predict Risk and Eliminate Threats”
You will need to consider incoming as well as outbound email traffic when you plan to improve your email security.
We could potentially see that phasing out of secured email gateway as a point product and see the capability being absorbed in solutions that offer secured email gateway capabilities, AI and ML based email scanning, where the traditional spam filter and attachment scanning engines are still working in the background and take decision based on the learnings and warn users about the threats,
“84% of US-based organizations have stated that conducting regular security awareness training has helped reduce the rate at which employees fall prey to phishing attacks.”
The modern way of working needs suspicious and potential malicious emails to be automatically remediated without involving an analyst, we will see this improving and solutions mature. Organizations are still focusing on enhancing their end-user cybersecurity awareness training, implementing of MFA, and using encryption.
Remote working and cloud adoption has pushed the vendors to develop and enhance integrated cloud email security (Microsoft, google) . Data leakage prevention rules have been part of SEGs for many years: Emails can be blocked, redirected or encrypted based on analysis of their content. These capabilities are often part of a wider DLP portfolio.
In the age of Zero Trust, email will continue to be a critical communication tool, the focus has shifted towards predictive analytics, threat intelligence sharing, and the integration of email security into broader cybersecurity frameworks. The use of AI-driven defense mechanisms, combined with ongoing user education and regulatory compliance, is shaping the future of email protection.
