Osterman Research

Executive summary

Cybercriminals continue to invest in next-generation phishing attacks, for example by leveraging AI for hyper-personalization, compromising Microsoft 365 accounts to use in internal phishing attacks, and subverting trusted conveniences such as QR codes for malicious purposes. Microsoft’s native email security capabilities in Microsoft 365 have repeatedly proven unable to identify all phishing attacks, depositing weaponized malicious emails in user inboxes as a result.

Every organization must face up to this problem—what to do about the ones that get through. With organizations “just one” away from an incident—just one phishing email that gets through, just one click on a malicious link, and just one employee who sends an email to the wrong person—dramatically strengthening defensive posture against emerging phishing threats is a critical priority.

KEY TAKEAWAYS

The key takeaways from this research are:

• Phishing attacks continue to get worse

Cybercriminals continually invest in new and more sophisticated phishing campaigns, resulting in organizations facing surging volumes of phishing attacks that are increasingly difficult to detect. Cybercriminals leverage phishing-as-a-service offerings, toolkits that circumvent MFA protections, and generative AI to increase plausibility and decrease social engineering signals, among others. Phishing attacks are frequent and incidents costly.

• Relying on Microsoft 365 only for email security is a risky proposition

Cybercriminals have proven themselves adept at finding their way through the capabilities and protections in Microsoft 365 to land phishing threats in users’ inboxes. With Microsoft 365’s native email security capabilities not detecting and blocking every threat, organizations relying solely on Microsoft’s native capabilities are at high risk of compromise.

• Complementary third-party email security solutions offer better security at a lower price

Third-party solutions stop the attacks that Microsoft misses, leverage AI for anomaly detection, and de-weaponize malicious URLs. Organizations often lower their recurring cost structure by complementing less costly Microsoft 365 plans with third-party email security offerings as opposed to licensing the costliest Microsoft 365 plans.

• Multiple reasons for multiple layers of protection against email threats

Many organizations prefer having a diversified portfolio of protections against email threats, offering multi-layer, defense-in-depth security to stop more email attacks. With Microsoft 365 being a key target for cyberattacks, Microsoft’s vast product suite heavily targeted for vulnerabilities, the Microsoft brand routinely among the most impersonated, and Microsoft falling victim to high-profile attacks, something not from Microsoft has become critical.

ABOUT THIS WHITE PAPER

This white paper was commissioned by TitanHQ. Information about TitanHQ is provided at the end of the paper

Organizations are “just one” away from an incident—just one phishing email that gets through, just one click on a malicious link, and just one employee who sends an email to the wrong person.

Trends with phishing attacks

Cybercriminals are continually investing in new and more sophisticated phishing campaigns. Organizations are facing surging volumes of phishing attacks on the one hand, along with increasing diversity of attacks on the other. In this section, we review current trends with phishing attacks.

PHISHING-AS-A-SERVICE OFFERINGS

Phishing-as-a-service offerings allow entry-level and low-skilled cybercriminals to access high-quality phishing capabilities developed by experienced cybercrime gangs. This places advanced phishing capabilities within easy reach of any wannabe cybercriminal, eliminating barriers to entry and the cost of learning. Phishing-as-aservice offerings include capabilities for targeting victims, crafting optimal phishing messages, and circumventing the cybersecurity controls established by organizations to protect their employees.

PHISHING TOOLKITS CIRCUMVENT MFA PROTECTIONS

Phishing toolkits and phishing-as-a-service offerings now routinely include capabilities for circumventing the MFA protections that organizations have adopted. MFA has previously been treated by organizations as a critical control to protect against phishing messages and other malicious activities. In response, cybercriminals have adapted their toolkits and approaches to bypass many of these protections, particularly one-time codes sent via SMS and email and even those supplied by authenticator apps. Cybercriminals capture a victim’s credentials and one-time code through a phishing site and then immediately resubmit those stolen credentials to the real site (often Microsoft 365) using automation.

While employees have been trained to use MFA due to its inherent uplift in security—even though some forms of MFA are disruptive to their workflow—that sense of security is being turned against employees and organizations by modern phishing toolkits.

Phishing-as-a-service offerings allow entry-level and low-skilled cybercriminals to access high-quality phishing capabilities developed by experienced cybercrime gangs.

GENERATIVE AI TO MIMIC TONE AND INCREASE PLAUSIBILITY

ChatGPT and other generative AI services captured the attention of office workers and cybercriminals alike. One of the telltale signs of a phishing message has been poor grammatical construction, with spelling errors a second sign. Many employees have been trained through security awareness training courses to look for these easy signs of malicious intent, but the emergence of generative AI services in general and malicious generative AI services in particular threaten to eliminate these easy-to-spot signals.

Cybercriminals can use generative AI services to increase the plausibility of phishing messages and reduce the social engineering warnings that have previously been easy to spot. For example:

• Grammatically correct phishing messages Cybercriminals can ask ChatGPT or a malicious generative AI service to write a persuasive message in grammatically correct English or any other desired language, and even target the message to a specified individual based on their social media activity. While ChatGPT and its ilk supposedly have guardrails in place to prevent the use of its capabilities for malicious purposes, writing a persuasive message is a standard and common business practice, which makes it difficult for generative AI services to distinguish between productivity and malicious use cases.

• Impersonation of a particular participant Cybercriminals can load an email thread from a compromised mailbox into a generative AI service and ask the service to write a request for money, data, or system access using the style, tone, and communication nuances of a particular participant in the thread. Impersonating the writing style of a specific person makes detection increasingly difficult.

HYPER-PERSONALIZATION

The confluence of phishing-as-a-service offerings, MFA bypass capabilities, and generative AI to personalize phishing messages and adapt to the writing style of the impersonated individual unleashes a powerful toolkit for cybercriminals to use for malicious purposes. When combined with billions of personal data records compromised through the widespread data breaches of the past five to ten years, phishing messages can be hyper-personalized for micro-targeting.

Phishing campaigns routinely reference the victim’s manager, evidence current awareness of projects and travel plans, and make requests that appear normal and expected within the communication patterns of all involved. These attributes decrease the intensity of the social engineering warning signals inherent in a phishing message, and the uniqueness of these messages makes it difficult for traditional email security defenses to detect and identify them.

USING COMPROMISED ACCOUNTS FOR INTERNAL PHISHING ATTACKS

A successful phishing attack that captures the credentials for a Microsoft 365 account is only the beginning of the incident. Compromised credentials can be leveraged for data theft in some instances and internal phishing attacks in others. When internal phishing is the desired gain, cybercriminals use the compromised account to send further malicious messages to other employees (and managers and executives) at the compromised organization.

Internal phishing messages are in pursuit of:

• Multi-account persistence due to lateral movement, by compromising other high-privilege accounts

• Data theft, by requesting confidential or sensitive data

• Financial gain, by requesting a change to payroll details or by supplying a falsified invoice for payment

Cybercriminals will attempt to hide their presence in an email account by setting up rules to move new messages into hard-to-find folders, delete recently sent malicious messages, and put in place other actions that decrease the likelihood that the actual owner of the mailbox will become aware that something is amiss.

The use of a compromised account for sending phishing messages destroys the efficacy of email security protections to make benign versus malicious assessments based on the reputation of the sending infrastructure, the age of the domain, and other longstanding checks and balances in many email security offerings

The use of compromised accounts for sending phishing messages often destroys the efficacy of email security protections.

MULTI-STAGE PHISHING ATTACKS

Cybercriminals are using multi-stage phishing attacks to build rapport, establish trust, and pre-signal intent. These are normal and valid activities that people undertake in business communications all the time, and hence the ability for both people and email security systems to detect multi-stage attacks is much lower than for single-shot phishing attacks. Some multi-stage phishing attacks traverse different communication channels (e.g., email, WhatsApp, Telegram, text, phone calls), while others also involve multiple cybercriminals in a coordinated attack (e.g., the Phantom Hacker attack ). Using large language models trained on new and emerging phishing attacks is a key approach to stopping attacks in their earliest stages.

NEW TYPES OF PHISHING ATTACKS, FOR EXAMPLE, QR CODE PHISHING

Cybercriminals are innovators. They don’t rest on the success of yesterday’s attack patterns or keep plugging away using the same malicious playbook. They continually look for what’s new, what’s next, and what’s possible to drive the efficacy of malicious phishing campaigns.

Over the past year, phishing attacks using QR codes emerged as one of the latest approaches for evading technical email security protections and tricking users. The adoption of QR codes for valid business practices increased during the COVID years to counteract social distancing restrictions, and as people have grown accustomed to scanning a QR code in their private lives, that trust has been weaponized for malicious purposes. One recent research study found that 76% of organizations have been compromised by emerging image-based and QR code phishing attacks over the previous 12 months. A different research study reported that 89.3% of all QR code-based phishing attacks sent via email are after account credentials, meaning that QR code phishing attacks are just the latest form of a longstanding attack pattern. That same study indicated that C-suite executives receive 42 times as many QR code phishing attacks as an average employee, highlighting the hyper-personalization and micro-targeting possible with modern phishing attacks.

Cybercriminals continually look for what’s new, what’s next, and what’s possible to drive the efficacy of malicious phishing campaigns.

SOCIAL ENGINEERING ATTACKS ARE SURGING

In its 2013 report on data breaches, Verizon quantified the mathematics of phishing campaigns. Verizon said that an attacker has more than a 50% likelihood of getting a user to click a link in a phishing message after sending just three targeted phishing emails. If 10 phishing emails are sent, the likelihood increases to almost 100%. While this math is no longer valid due to improvements in technical protections and human defense layers, the essentially guaranteed results unleashed a decade of surging social engineering attacks. Today, the numbers on email attacks include:

• 156,000 phishing attacks per day

From April 2022 to April 2023, Microsoft Threat Intelligence detected an average of 156,000 business email compromise (BEC) attacks per day, a financially motivated type of phishing campaign.  Assuming that the investments in email defenses made by organizations over the past decade since the publication of the Verizon numbers above have made a ten-times improvement in efficacy, that’s still 1,560 phishing incidents per day that organizations have to contend with.

• Most frequently reported crime type to the FBI for five consecutive years

Phishing incidents are the crime type that is most frequently reported to the FBI IC3 unit, comprising 34% of the total volume of reported crimes in 2023. BEC incidents, a specialized form of phishing attack, were reported much less frequently than phishing incidents but were the second most costly crime type reported to the FBI in 2023.

• 70% of all cyberattacks in 2023

Phishing represented 70% of all cyberattacks in 2023 against email, with business email compromise attacks making up an additional 19% of attacks.

The continual success of phishing campaigns proves the point that it is easier for a cybercriminal to trick an employee into giving them access to their account or sharing sensitive data than it is to deploy malware to compromise an account and sensitive data. Few organizations expect that all cybercriminals will suddenly decide to stop sending phishing emails; the economics from such crimes are too compelling.

BREACHES ARE MORE EXPENSIVE THAN ADDED PROTECTIONS

IBM’s latest Cost of Data Breach report pegs the global average cost of a phishing incident at $4.76 million and the global average cost of a business email compromise (BEC) incident at $4.67 million. Incident costs are higher than average for organizations in the United States, for organizations in the healthcare sector, and for any organization in a critical infrastructure sector.

These global, country-specific and industry-specific average costs provide a baseline for organizations to weigh up the cost-benefit equation for investing in additional protection layers, which in most cases will be significantly lower than the cost of a breach from a phishing or BEC attack that got through.

According to an IBM study, the global average cost of a phishing incident is $4.76 million; BEC incidents are close behind at $4.67 million.

Securing Microsoft 365 against sophisticated threats is an ecosystem play

Question: What do you get when you cross the world’s largest email service with one of the world’s most spoofed brands?

Answer: An extremely attractive target for cybercrime gangs.

Microsoft 365 offers a complex array of email, productivity, collaboration, and security services, with differing capabilities at play for any given individual depending on which plan their organization has licensed for them, and differing levels of security efficacy depending on how the applicable customer-managed controls have been configured.

Cybercriminals have proven themselves adept at finding their way through these capabilities and protections in Microsoft 365 to land phishing threats in users’ inboxes. With Microsoft 365’s native email security capabilities not detecting and blocking every threat, organizations relying solely on Microsoft’s native capabilities are at high risk of compromise.

Fewer and fewer organizations are taking this high-risk approach. Over the past several years, our research studies have documented an increasing share of organizations complementing Microsoft 365’s native email security capabilities with advanced email security capabilities from third-party vendors.

Organizations relying solely on Microsoft’s native security capabilities in Microsoft 365 find themselves:

• Facing down yet another emerging threat that has been delivered to inboxes

In 2023, QR code phishing attacks were in the spotlight for Microsoft 365 customers. Some of these were particularly ironic, such as the attacks that masqueraded as being from Microsoft to deliver an urgent security update for Microsoft 365 authentication. Fake invoices (as part of a business email compromise phishing attack) and fake reports that urge the victim to click a malicious link are other regular examples of emerging and morphing threats that are delivered to user inboxes. In 2024, there are examples of new attacks that trick AI/ML models that a malicious message is benign. The use of compromised email accounts for sending phishing and BEC messages improves the efficacy of these attacks for cybercriminals.

• Racing against the clock to mitigate the threat of malicious content and links in the inbox

When Microsoft 365 fails to detect a new phishing campaign or an emerging phishing threat, messages with malicious content and risky links are available in users’ inboxes. Identifying threats based on a risk assessment of both the content and any included links is essential. Security professionals can only hope that none of the employees in their organization fall for the attack before suspicious messages are identified and removed from inboxes. Microsoft usually catches up and adjusts their defenses within a day or two, but with time to click measured in minutes after the message has been delivered to an inbox, days is far too long.

Microsoft 365 doesn’t detect and block every email threat, meaning that organizations relying solely on Microsoft’s native capabilities are at high risk of compromise.

• Concerned about the flow-on effects of compromise beyond email data

Back in the day when productivity tools were not seamlessly integrated against an identity, a compromised email account was just that and only that. Other services were safe because they functioned with separate login credentials. Those days are now gone forever. Compromising a user’s account credentials through a phishing email gives the cybercriminal access to all connected data and systems in Microsoft 365, such as Teams channels and chats, SharePoint content, and OneDrive documents. The data breach blast radius is massive.

• Less protected against internal phishing attacks

Once a cybercriminal has successfully compromised a Microsoft 365 account, they can leverage this for sending internal phishing and BEC messages. Detecting the flow of these email attacks within the Microsoft 365 tenant has become crucial, as they represent hidden threats that must be monitored. Only assessing email traffic that traverses the organizational boundaries in either direction is a recipe for further compromise and costly breaches.

Microsoft, itself, has suffered multiple devastating security incidents over the past few years that have compromised not only itself but customers too. For example:

• China-based hackers stole a signing key from Microsoft and compromised email accounts in the U.S. government and beyond

After breaching Microsoft’s network and stealing a signing key that could be used to forge authentication tokens, the attackers had access to email accounts of compromised U.S. government agencies and other organizations for over a month before their activity was detected by a customer and Microsoft was alerted. The hack was a very targeted operation, with specific federal agencies and email accounts in the crosshairs. While Microsoft indicates that it subsequently blocked hackers from using this technique to access customer emails, it is unknown how many other unaddressed techniques remain open.

• State-sponsored Russian hackers compromised Microsoft’s corporate email

Email accounts belonging to senior executives, along with cybersecurity and legal team members, were compromised by a state-sponsored hacking group from Russia. The hackers were able to bypass the weak security controls in one of Microsoft’s test tenants on Microsoft 365, and then compromise its corporate tenant. In its initial data breach disclosure, Microsoft said that some of its email messages and documents were stolen over the two-month timeframe that the group had access. More recently, Microsoft disclosed that additional threat activity by the Russian group had been identified, including unauthorized access to Microsoft’s source code repositories and internal systems, misuse of stolen cryptographic secrets, and dramatically more password spray attacks against customers.  The Cybersecurity Infrastructure Security Agency in the United States was more stark in its April emergency directive: the “successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies.”

• Microsoft’s products are the most exposed to high-risk vulnerabilities

70% of the top 10 and more than 50% of the top 20 most exploited vulnerabilities are in products from Microsoft.

These incidents and threat realities raise the urgency for customers to ensure that they are protected by more than just Microsoft offerings.

Once a cybercriminal has successfully compromised a Microsoft 365 account at an organization, they can leverage this for sending internal phishing and BEC messages.

Enhancing security posture with in-line AI-powered third-party email security

In this section, we look at the reasons why organizations are adopting in-line AI-powered third-party email security solutions.

STOPPING THE ATTACKS THAT MICROSOFT MISSES

Extending the baseline email security capabilities available in Microsoft 365 (and Google Workspace) by using an in-line AI-powered third-party email security solution offers an additional line of defense to stop the attacks that Microsoft (and Google) miss. Such complementary capabilities leave the initial security analysis to Microsoft and Google, and then perform an additional top-to-bottom assessment of everything that Microsoft and Google pass through as clean and threat-free.

The number of messages that get passed through as clean and threat-free will depend on which Microsoft or Google plan a given user is assigned. For example, the costliest Microsoft 365 plans have measurably better email security capabilities that its entry-level offerings, although such plans bundle many additional non-email services that a given user may not require. Organizations can often lower their recurring cost structure by complementing less costly Microsoft 365 plans with third-party email security offerings as opposed to licensing the costliest Microsoft 365 plans. For service providers, third-party email security solutions offering multi-tenant capabilities enable the improvement of security posture across multiple customers at once.

It is not just the “one that got through,” however. One study found that Microsoft’s native email security capabilities in Microsoft 365—encompassing both Exchange Online Protection and Defender—missed 18.8% of malicious email messages. The study attributes this high miss rate to increasing levels of hacker sophistication and targeted attacks that have been specifically designed to bypass Microsoft Defender. It is not surprising, therefore, that we have seen an increasing number of organizations using third-party email security solutions to stop the attacks that Microsoft misses.

FROM STATIC RULES AND REPUTATIONAL CHECKS TO AI-DRIVEN ANOMALY DETECTION

Modern email security solutions use AI to detect anomalous communication patterns in email. AI is used to build a comprehensive picture of the context of each new message, the history of interaction between any two people, the style and nature of content usually exchanged between them, and any observable malicious signals in attached files and documents. If this analysis lines up with the behavioral baseline, the message is cleared for release to the recipient’s inbox. If anomalous patterns are detected, or there is a deviation that is out of tolerance, messages are classified as malicious or potentially malicious and dealt with accordingly. These AI-driven innovations move email security beyond traditional approaches that revolved around static rules, signature matching, blacklists, and reputational checks of the email sending infrastructure.

AI-driven innovations move email security beyond traditional approaches that revolved around static rules, signature matching, blacklists, and reputational checks of the email sending infrastructure.

KEEPING EMAIL ATTACKS AWAY FROM THE INBOX

Email attacks delivered to the inbox present a high risk to the organization. Delivering as few as possible is why additional layers of email security are needed. Organizations require the ability to control where suspicious or potentially malicious emails are delivered. To minimize false positives, some will opt for routing messages to the user’s inbox with an added warning to highlight the potentially malicious characteristics. Others will want to route messages and the added warning to the user’s junk folder (where the recipient is less likely to engage with the message) or an administrator-only quarantine (for further analysis by security analysts). Finally, all organizations need the ability to automatically remove emails from user inboxes that have proven to be malicious after they were initially cleared as threat-free.

DE-WEAPONIZING MALICIOUS URLS

Cybercriminals include custom URLs in phishing messages. When these messages are first sent, the URL resolves to a clean and threat-free destination, so that pre-delivery checks on the message do not raise any security warnings for the URL. After a predetermined time has elapsed, however, and the message is sitting in the user’s inbox, the destination site is changed from clean and threat-free to malicious and threatening. This process of post-delivery weaponization means that malicious messages and URLs will evade pre-delivery checks and be delivered to an inbox for a victim user to start clicking.

Rewriting URLs in messages adds a security verification every time the link is clicked or opened. By routing the link back through a security check, all links can be re-assessed for security warnings and vulnerabilities at the point in time in which a user is engaging with the message, the URL, and the destination content—not merely when the message is delivered.

STOPPING EMERGING PHISHING ATTACKS SUCH AS QR CODE ATTACKS

With the increased use of QR codes in general life and a growing sense of trust among people who use them regularly, cybercriminals have started using QR codes in phishing messages. Many email security solutions are less capable of detecting the presence of QR codes—and other types of malicious images. Many organizations using Microsoft 365 have seen these new types of attacks bypass the native email security capabilities included in their Microsoft 365 plan and be delivered directly to email inboxes.

Modern email security solutions tackle the growing problem of QR codes and other malicious images head on. All resolvable URLs are extracted from QR codes and images for analysis of malicious characteristics. If the message can be classified as malicious, users don’t even see it. If there are indicative but inconclusive signals, users are warned

Rewriting URLs in messages adds a security verification every time the link is clicked or opened.

IN-THE-MOMENT SECURITY AWARENESS COACHING FOR EMPLOYEES

Security awareness training is an essential component of any cybersecurity strategy. Training courses, short videos, posters in the elevators, and other forms of training are used to cultivate an awareness of common and emerging cyberthreats. While these approaches are necessary, they suffer from the design weakness of being something separate from an actual cyberthreat. The hope of security awareness training is that the approaches that teach theory and readiness will be applied correctly by an employee whenever a cyberthreat is present.

When a message cannot be categorically classified as not malicious, the recipient must be alerted to the attributes of the message that are indicative of a cyberthreat but not certain to be one. In this way, in-line email security solutions move beyond cultivating an awareness of cyberthreats in general. They offer precise warnings about specific potential cyberthreats in each email message. Warning banners specify why caution is needed before engaging with the contents of a message, such as new email addresses paired with regular sender names (a common attribute of an impersonation attack), language that emphasizes urgency and secrecy (frequent signals of a social engineering attack), and requests for monetary transactions with anomalous characteristics (which could indicate a business email compromise attack). The final decision is left with the recipient, but as much cybersecurity data as possible has been flagged for their attention.

STRENGTHENING INCIDENT RESPONSE AND REMEDIATION PROCESSES

When email attacks do get through to the inbox, having clear and streamlined processes for remediation and incident response makes a significant difference to the cost and complexity of clean-up activities. Achieving this requires suitable training and awareness for email security administrators and security operations center (SOC) analysts, along with opportunities to practice remediation activities to optimize collaboration across different security roles.

In-line email security solutions offer precise warnings about specific potential cyberthreats in each email message.

Multiple layers of protection against email threats

Almost all the organizations featured in our recent market surveys are using two or more layers of protection against email threats in addition to the baseline capabilities offered by Microsoft 365 or Google Workspace.22 Many are using a secure email gateway as well as an integrated cloud email security solution.

Why would organizations do this? Reasons include:

• With email a dominant vector of compromise, more is preferable to fewer

With 70% to 90% of cybersecurity threats arriving via email, having a diversified portfolio of protections is preferred by many organizations over trying to find the uber–email security solution. By adopting a multi-layer, defense-in-depth posture, the likelihood of email attacks bypassing email and other security protections declines significantly.

• Preference to complement current protections rather than rip-and-replace

Getting email security right is a journey of discovery, tuning, and optimization. It’s a discovery journey since it involves observing which attacks are directed at an organization, which attacks evade current security filters, and which attacks employees fall prey to. As these are observed, current solutions can be tuned and optimized to catch as many attacks as possible. Undoubtedly, some proportion of attacks still get through, and reducing this proportion becomes the focus of complementary layers of security. Many organizations prefer to retain the defenses they have tuned and optimized for a certain class of email threats, complementing this with additional specialized defenses to handle everything else rather than ripping out what they already have and starting with a greenfield deployment.

• The drive to include protections from beyond Microsoft’s stack

With Microsoft 365 being a key target for cyberattacks, Microsoft’s vast product suite heavily targeted for vulnerabilities, the Microsoft brand routinely among the most impersonated, and Microsoft falling victim to high-profile attacks, having a strong layer of defense that doesn’t come from Microsoft has become critical. This allows organizations to align with an email security vendor that isn’t Microsoft, doesn’t suffer from Microsoft’s systemic weakness, and comes at the security problem from a different angle. Protection increases with intentional diversity.

• The cost of additional protections pales in comparison to the cost of incidents

Incidents caused by the inability of email security defenses to detect emerging phishing campaigns and business email compromise attacks are much more expensive to remediate than the licensing cost for a fit-for-purpose email security solution for detecting and deflecting the attacks in the first place. Licensing costs for complementary security solutions are much less than the compliance fines for data breaches, the cost of labor hours to respond to the incident, and lost finances due to a business email compromise scam. As mentioned above, pairing less costly Microsoft 365 plans with third-party email security offerings offers a lower recurring cost structure for organizations versus signing up for Microsoft’s costliest bundles that include many extraneous capabilities a given user doesn’t require.

By adopting a multi-layer, defense-in-depth posture, the likelihood of email attacks bypassing email and other security protections declines significantly.

• Different security solutions have complementary strengths

#Secure email gateways (SEGs) and integrated cloud email security solutions are designed to detect and mitigate different types of email threats. SEGs use a set of detection algorithms to identify new versions of previously seen email attacks. They rely on analyzing the reputation of the email sending infrastructure and are optimized for traffic coming into and out of a domain. They are less adept at identifying emergent threats (e.g., QR code phishing), social engineering attacks (e.g., business email compromise attacks), and intra-domain traffic (e.g., internal phishing campaigns from compromised accounts). By comparison, this is where newer email security solutions integrated with the cloud email service excel. By playing to their respective strengths, organizations gain security protection against many different types of email attacks.

It is unknown how long organizations will prefer to rely on multiple layers of defense rather than seeking the uber–email security solution, but over the current planning horizon, it remains a game of multiples.

Conclusion

With phishing and BEC attacks getting worse across the threat landscape and the risk of a Microsoft-only approach increasing, it is critical for organizations to revisit their email security strategy in 2024 and beyond. Look at what threats are still being delivered to employees, managers, and executives. Analyze the costs that these threats impose on your organization. And explore the security and business value of complementing your email security posture with an in-line AI-powered third-party email security solution

It is critical for organizations to revisit their email security strategy in 2024 and beyond.

About TitanHQ

TitanHQ is a 25-year-old multi-award-winning SaaS cybersecurity platform that delivers a layered security solution to businesses globally. It offers cutting-edge technologies and robust solutions to protect MSPs and SMBs against phishing attacks, malware, ransomware, and other cyberattacks that can compromise data and disrupt operations.

See www.titanhq.com