Expect the Email Security Market to Reshape Drastically in 2021

By Abhishek Iyer, Director of Product Marketing at Armorblox

2020 was the year that none of us could have predicted or imagined. However, while the entire world was grappling with the economic and humanitarian crisis caused by COVID, cyber attackers were behaving predictably. There was a marked increase in targeted email attacks that exploited people's fears and confusion around COVID to make quick profits. We expect this trend to continue. Here's how we expect the email security market to continue to reshape and evolve in 2021.

1. COVID related email fraud will continue to defraud organizations of all sizes

Cybercriminals will launch a variety of email and communication-based scams around COVID vaccinations in 2021. As COVID infections rose in March and April 2020, cybercriminals jumped on this fear and uncertainty by weaving the pandemic into their email scams. In mid-April, Google's Threat Analysis Group reported that they detected 18 million COVID-19 themed malware and phishing emails per day. Attackers are using COVID relief funds, test results from doctors, organizational COVID policies, and any other COVID-related context available to them.

As vaccinations get disbursed in 2021, we will all feel a sense of uncertainty and expectation (when will I get my vaccine?). Expect cybercriminals to weaponize this sense of expectation in their email scams.

2. Large enterprises will require their third-party vendor ecosystem to beef up email security

Large enterprises will revise their third-party vendor partnership requirements to protect against email compromise. There has been an observed spike in smaller vendors being compromised by cybercriminals, and the email accounts of those vendors being used as attack vectors against larger organizations that the vendors work with. These scams include fake invoices, phishing links to collect sensitive information, and other means to defraud organizations of money and data.

To combat the vendor fraud problem, larger organizations will require their vendors/partners to implement SSO, password management, 2FA, and other ‘table stakes' security hygiene best practices.

3. Continued migration to cloud email will encourage more organizations to go SEG-free in favor cloud-hosted API-based applications

Cloud email adoption will force organizations to rethink their approach to email protection. Gartner projects at least 40% of all organizations will rely on built-in protection capabilities from cloud email providers as the main line of defense by 2023. Email moving to the cloud opens up avenues for better threat detection using AI, utilizing APIs to collect and analyze data, and more seamless post-click protection against email threats than is currently possible in deployments on premise.  

4. Awareness and investments in "business workflow compromise" will increase as email based business workflows continue to dominate inside organizations

CISOs and security leaders will consider ‘business workflow compromise' a key challenge to combat in 2021 and beyond. Employees participate in many digitized workflows (automated password resets, employees asking the payroll team to change direct deposit info, share Google Docs with colleagues, etc.), and executing on these workflows has become muscle memory by now. Cybercriminals are inserting themselves into these workflows using impersonation and social engineering to make their victims ‘click before they think.'

Organizations will start putting people, tools, and processes in place to protect employees and restore trust in digitized business workflows. 

##

About the Author