Email security incidents happen every 12 hours – it’s time to close the gap in Microsoft 365

Written by Egress on 21 January 2021 in Sponsored Article
Sponsored Article

The remote-first world has seen email being relied on more than ever as a core communication mechanism - but with 93% of IT leaders acknowledging a risk to sensitive data, what steps should be taken to secure data? Egress explores 

Although many UK public sector organisations had already migrated to Microsoft 365 before the COVID-19 pandemic (or at least or had plans in place for migration), a remote-first world has accelerated adoption rates across all industries globally.

This remote-first world has also seen email being relied on more than ever as a core business communication mechanism. In fact, email security research shows 94% of organisations have seen an increase in outbound email traffic since the pandemic began, with one-in-two experiencing growth of over 50%. Employees are also increasingly stressed, tired and distracted, and therefore more prone to making mistakes.

It should be little surprise, then, that 93% of IT leaders acknowledge sensitive data had been put at risk in their organisation due to outbound email in the last 12 months. More importantly, the average rate for data loss was every 12 working hours.

The native security controls in Microsoft 365 are unable to meaningfully mitigate the most common causes of these incidents:

  • Adding one or more incorrect recipients, often due to Outlook autocomplete
  • Attaching the wrong file(s)
  • Forgetting to use Bcc
  • Adding unauthorised recipients into email chains
  • Sending data to a personal email address
  • Lack of security when TLS ‘failed open’ and the sender was unaware TLS wasn’t being used
  • Intentionally taking data to a new job or leaking it as a malicious action

Interestingly, it’s actually the inadvertent errors that are causing the most data breach incidents. In the UK, the Information Commissioner’s Office’s (ICO) security trends for the first six months of 2020 show that ‘data emailed to incorrect recipient’ is the top cause of reported incidents and, between was responsible for approximately 50% more incidents than phishing attacks.

Why you need intelligent email security to stop email data breaches in Microsoft 365

There are two reasons we’ve traditionally failed to solve this problem: firstly, legacy DLP technologies and the security controls native to email clients like Microsoft 365 lack the intelligence required to detect and prevent human-activated threats for outbound email; and secondly, training cannot fix the problem of human error.

Legacy DLP solutions are built using static rules. If an email violates the set criteria, actions can be taken, such as blocking its release or automating encryption. Where security and DLP are user-led, we still run into problems because they rely on people to make decisions. You can either take a sledgehammer approach of prompting on everything, which for the vast majority of employees will lead to click fatigue; or you can trust people will always make the right choice when it comes to adding recipients, attaching files and applying security.

Training cannot fix the problem of human error

While training is rightly an integral part of any comprehensive security strategy; on its own, it’s not able to dramatically reduce human error – otherwise we’d have trained beyond it and misdirected emails wouldn’t be the top cause of security incidents!

What can you do to close the outbound email security gaps in Microsoft 365 today?

There are two things that can be done today to help you overcome the issue of outbound email data breaches in Microsoft 365. The first is an audit of your email system to see how big a problem this is for your organisation specifically. Unfortunately, I expect it’ll be worse than you think. As well as detecting misdirected emails with wrong recipients and attachments, this audit should also look for failure to utilise encryption and other policy violations, and times when TLS should had been protecting data but wasn’t.

The next is to upgrade your outbound email security. Advances in contextual machine learning mean that intelligent DLP can detect and prevent human-activated data breaches in ways that legacy solutions simply can’t achieve. They’re able to deeply understand an individual user’s behaviour and relationships to validate in real-time that, yes, this specific email and its attachments are going to the right recipient(s) with the right level of security applied.

Contextual machine learning gives you the opportunity to make security personal and tackle outbound email security incidents in Microsoft 365 in a way you’ve never been able to before, without damaging productivity. Previously you secured your network layer and then you secured your devices. Now, it’s time to use intelligent technology to secure your human layer and keep data secure when emailed from Microsoft 365.

About the author

Egress Logo Cyber Security London

Our vision is for a connected world in which people communicate efficiently and securely. To achieve this, we provide human layer security to protect individual users and stop breaches before they happen. Our patented technologies are built using leading-edge contextual machine learning and powerful encryption that mitigate modern risks in ways that other solutions simply can’t achieve.


Share this page



Related Articles

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

Braverman proposes surveillance law update to give authorities more sway over telecoms firms
7 June 2023

Tweaks to Investigatory Powers Act could require companies to provide data even before appeals are settled and alert authorities to technical updates

DfT declines review of undigitised DVLA processes for citizens with health conditions
2 June 2023

MPs found that ‘inefficient’ manual processes contributed to a pandemic backlog of driving licence applications from those with notifiable medical needs

Ex-intelligence chief ‘appalled’ at ministers’ use of private messages
1 June 2023

Former GCHQ and Home Office leader David Omand expresses disapproval of use of WhatsApp and other platforms for government business

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...