Virtualization Technology News and Information
Valimail 2020 Predictions: The Year of Email Security Takes Center Stage

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Peter Goldstein, CTO & co-founder, Valimail

The Year of Email Security Takes Center Stage

Of the many cybersecurity concerns, ransomware and business email compromise (BEC) have been top of mind in recent months for all organizations - enterprises, government agencies, nonprofits, and even school districts. What these two types of attacks have in common is that they are almost always initiated via email. In fact, more than 90% of all cyberattacks start with a phishing email. Therefore, locking down inboxes to shut out malicious emails is critical. The following are my predictions for how email will continue to be used as a key vector to launch devastating cyberattacks, as well as the strides that organizations will take to improve email security in 2020.

1.  Email security will prove to be the weakest link in election security. Many elements of election infrastructure are vulnerable to email-based attacks, as we saw in both 2016 and 2018. This means email security must be a priority for defending the integrity of the 2020 presidential election. But research shows the majority of U.S. states are overlooking this vulnerability. Only 5% of email domains associated with local election officials across the U.S. have implemented and enforced Domain-based Message Authentication, Reporting and Conformance (DMARC).

DMARC is a widely accepted open standard that ensures only authorized senders can send emails from a particular domain. It's one of the most basic and highly effective means of stopping phishing attacks, which is why the Department of Homeland Security mandated its use for federal agencies in 2017. Yet below the federal level, governments remain vulnerable. In May 2019 we learned Russian hackers breached two county election systems in Florida via a spear-phishing campaign, and in November we learned of a phishing-based ransomware attack on Louisiana during an election cycle.

Because only a tiny percentage of counties and states have DMARC configured in a way that actually enforces a ban on fraudulent senders, email remains an easy way in for malicious actors looking to disrupt our elections.

2.  DMARC adoption will grow across industries. Outside of the government, we'll see a continued increase in DMARC adoption. The number of domains using DMARC has grown 5x in the last 3 years. We'll see increased growth across several verticals in 2020 - especially healthcare and government. Following the lead of the federal government's civilian branches, the Department of Defense will soon be requiring all of its domains to enforce DMARC, resulting in an increase in the number of military domains protected. H-ISAC, a global nonprofit organization serving the health care sector, has urged health care companies to adopt DMARC as part of best practices for securing email, and as a result we've already seen a rise in adoption rates in this vertical. This growth will continue throughout 2020.

3.  Major brands will lead the way with BIMI. Brand Indicators for Message Identification (BIMI) is an email standard that will change the way people interact with their favorite brands via email. BIMI provides a framework through which an organization can provide an authorized logo for display in the recipients' inboxes alongside authenticated email from that organization. We predict BIMI will grow in popularity, especially among large enterprises and prominent brands that rely heavily on the trust and engagement of their customers. In fact, Google will be launching a BIMI pilot in 2020, which will help spur adoption. Research by Verizon Media has shown that BIMI can increase open rates and boost customer engagement, giving marketers a big incentive to support the email authentication that is a prerequisite for BIMI.

4.  Ransomware's impact will continue to rise. Ransomware will continue to plague organizations with financial losses, both direct and indirect. Most of these attacks originate via spear phishing, and this will continue to be a prominent attack method. This tactic has already proven to be costly for many organizations, including city governments around the U.S. In 2018 alone, the FBI reported $3.6 million in direct losses due to ransomware, and 2019 is shaping up to be equally devastating. It's entirely plausible we'll see U.S. losses exceed $10 million in 2020, just from ransom payments (not counting additional losses due to lost business, time, wages, files, equipment, and third-party remediation services).
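Predictions 1 and 2 turn on the difference between publishing a DMARC record and enforcing one. The sketch below is an added example, not Valimail's or the author's code: it parses DMARC TXT records per RFC 7489 and grades each domain. The domain names and records are constructed samples, and counting `p=quarantine` or `p=reject` at `pct=100` as "enforced" is this example's assumption.

```python
# Added example: grade DMARC TXT records by enforcement level (RFC 7489 tags).
# Records as they would be returned for _dmarc.<domain>; constructed, no DNS lookups.
SAMPLES = {
    "county-a.example": ["v=spf1 -all"],
    "county-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@county-b.example"],
    "county-c.example": ["v=DMARC1; p=quarantine; pct=25"],
    "county-d.example": ["v=DMARC1; p=reject"],
}


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    first = "".join(txt.split(";", 1)[0].split())
    if first != "v=DMARC1":  # v must be the first tag and exactly DMARC1
        return None
    tags = {}
    for part in txt.split(";")[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags


def classify(txt_records):
    """Return no-record, invalid, monitor-only, partial or enforced."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not parsed:
        return "no-record"
    if len(parsed) > 1:
        return "invalid"  # several DMARC records: receivers apply none of them
    tags = parsed[0]
    policy = tags.get("p", "").lower()
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if policy not in ("none", "quarantine", "reject") or not pct.isdecimal() or int(pct) > 100:
        return "invalid"  # simplification: any malformed p or pct is flagged
    if policy == "none":
        return "monitor-only"  # reports are collected, spoofed mail is still delivered
    return "enforced" if int(pct) == 100 else "partial"


def survey(samples):
    """Map each domain to its enforcement grade."""
    return {domain: classify(records) for domain, records in samples.items()}


if __name__ == "__main__":
    for domain, status in survey(SAMPLES).items():
        print(f"{domain:20} {status}")
```

Only `county-d.example` grades as enforced; the `p=none` and `pct=25` domains have DMARC published but still let some or all unauthenticated mail through.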


About the Author

Peter Goldstein 

Peter is an MIT and Stanford trained technologist who has worked in a variety of software verticals including security, enterprise, email, and video. He has built products and teams at a number of large technology companies such as RSA Security and Perot Systems, as well as at small startups like Tout, Securant, and Swapt.

Published Tuesday, February 04, 2020 7:32 AM by David Marshall