Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Expect the Email Security Market to Reshape Drastically in 2021
By Abhishek Iyer, Director of Product Marketing at Armorblox
2020
was the year that none of us could have predicted or imagined. However, while
the entire world was grappling with the economic and humanitarian crisis caused
by COVID, cyber attackers were behaving predictably. There was a marked
increase in targeted email attacks that exploited people's fears and confusion
around COVID to make quick profits. We expect this trend to continue. Here's
how we expect the email security market to continue to reshape and evolve in
2021.
1. COVID related email fraud will continue to defraud
organizations of all sizes
Cybercriminals
will launch a variety of email and communication-based scams around COVID
vaccinations in 2021. As COVID infections rose in March and April 2020,
cybercriminals jumped on this fear and uncertainty by weaving the pandemic into
their email scams. In mid-April, Google's Threat Analysis Group reported that
they detected 18 million COVID-19 themed malware and
phishing emails per day. Attackers are using COVID relief funds, test results
from doctors, organizational COVID policies, and any other COVID-related
context available to them.
As
vaccinations get disbursed in 2021, we will all feel a sense of uncertainty and
expectation (when will I get my vaccine?). Expect cybercriminals to
weaponize this sense of expectation in their email scams.
2. Large enterprises will require their third-party vendor
ecosystem to beef up email security
Large
enterprises will revise their third-party vendor partnership requirements to
protect against email compromise. There has been an observed spike in smaller
vendors being compromised by cybercriminals, and the email accounts of those
vendors being used as attack vectors against larger organizations that the
vendors work with. These scams include fake invoices, phishing links to collect
sensitive information, and other means to defraud organizations of money and
data.
To
combat the vendor fraud problem, larger organizations will require their
vendors/partners to implement SSO, password management, 2FA, and other ‘table
stakes' security hygiene best practices.
3. Continued migration to cloud email will encourage more
organizations to go SEG-free in favor cloud-hosted API-based applications
Cloud
email adoption will force organizations to rethink their approach to email
protection. Gartner projects at least 40% of all organizations will rely on
built-in protection capabilities from cloud email providers as the main line of
defense by 2023. Email moving to the cloud opens up avenues for better threat
detection using AI, utilizing APIs to collect and analyze data, and more
seamless post-click protection against email threats than is currently possible
in deployments on premise.
4. Awareness and investments in "business workflow compromise"
will increase as email based business workflows continue to dominate inside
organizations
CISOs
and security leaders will consider ‘business workflow compromise' a key
challenge to combat in 2021 and beyond. Employees participate in many digitized
workflows (automated password resets, employees asking the payroll team to
change direct deposit info, share Google Docs with colleagues, etc.), and
executing on these workflows has become muscle memory by now. Cybercriminals
are inserting themselves into these workflows using impersonation and social
engineering to make their victims ‘click before they think.'
Organizations
will start putting people, tools, and processes in place to protect employees
and restore trust in digitized business workflows.
##
About the Author
Abhishek Iyer is Director
of Product Marketing at Armorblox, where he is responsible for product
messaging and positioning, analyst relations, public relations, content marketing,
and other marketing functions. Prior to Armorblox, Abhishek was the first
product marketing hire at Demisto and helped run a wide range of marketing
activities as the company grew from 35 employees to 250+ employees before its
acquisition by Palo Alto Networks. Abhishek holds a BE in Electronics
Engineering from BITS Pilani, an MBA from the Indian Institute of Management
Kozhikode, and an MS in Marketing from Purdue University, where he graduated as
the class valedictorian. Abhishek enjoys writing about soccer, video game
design, security, and anything else his mother might like to read.