Trustifi, the premier provider of AI- and cloud-based email cyber security solutions, has conducted an analysis of 1.3 million emails gathered through its ThreatScan email network scanning tool in 2023 for a new report on email data security. Conducted over two-week intervals, these scans have revealed notable inadequacies in a list of traditional email security solutions. A full 15% of the emails examined by the ThreatScan process after they passed through a company’s existing security filters were shown to still maintain compromising content—even though these networks already had traditional security solutions installed. This means that Trustifi’s scanning tool was able to identify 15% more email-based threats than what these businesses’ existing security solutions could detect. In addition, 62% of inboxes were found to have sustained attacks despite those existing security solutions being in place. The full ThreatScan report can be accessed on Trustifi’s website.
Trustifi ran these scans as part of its own proof-of-concept trials, conducted with potential business clients that did not yet utilize Trustifi’s software. All the threats detected by the Trustifi ThreatScan tool were missed by competing email security solutions. Software products that were in force on those networks included Barracuda, Proofpoint, Microsoft’s security package, Mimecast, Sophos, Fortinet, Google’s security solution, and other well-established brands.
Categorizing Email Threats
The Trustifi analyses revealed some interesting details. For instance, once a mailbox had received an attack, it often was targeted on a repeated basis. According to the study, 81% of the mailboxes that had sustained attacks received up to 40 threats per mailbox over the two weeks.
The threats identified by the proof-of-concept trials broke down as follows:
- Graymail and spam were the top threats detected by the scans.
- 1% of the emails that passed through the companies’ existing security filters were determined to be malicious, containing impersonation, spoofing, and phishing attacks – representing 12% of all the emails that Trustifi’s ThreatScan tests deemed to contain a threat.
- 4% were spam content, representing 28% of those emails found to be a threat.
- 9% were “graymail,” or ill-defined bulk email content that the user has opted-into, causing them to receive large amounts of extraneous or questionable material from marketers. That represents 58% of the emails found to be a threat.
In the “malicious” sub-category of threat-related emails identified in the scans, content breaks down as follows:
- 8.51% were spoofing attempts, where a message was falsely presented as coming from a known brand or website.
- Another 2.67% were impersonation attempts, where the email account of a valid sender was being used by a hacker for ill-intended purposes.
- 2.33% of the malicious threats identified by ThreatScan were phishing attempts.
Figures are rounded to the nearest whole number. Nearly 15% of the total volume of emails that had already passed through the prospect’s cybersecurity email filters were malicious, unwanted, or undesirable messages. These transmissions were left to clog-up inboxes, or far worse: They could infect the network and/or fool the user into transferring money or revealing sensitive credentials. As the business community has witnessed again and again, sometimes it only takes a breach of one email password to cause millions of dollars in damage—whether via ransom, denial-of-service, fraudulent requests for funds, or corporate downtime in the event of an attack.
“It’s quite valuable for businesses to understand the high percentage of unsolicited and threat-based emails that are able to get through their existing security filters every day,” said Rom Hendler, Trustifi’s CEO and founder. “Malicious content that lingers on a server can be activated at any time, and an abundance of unsolicited mail can overwhelm a company’s email system. Many mailbox users don’t take steps to remove these questionable emails, or don’t realize their inboxes are harboring dangerous material indefinitely, increasing their risk levels.”
SEG-based Solutions Are Not an Adequate Defense
Many of these potential clients used a traditional SEG (security email gateway)-based software product, which according to Trustifi’s estimates can be found in approximately 70% of all business networks. SEG gateway solutions rely on blacklisting of known malicious IP addresses, a strategy that is limited in its ability to detect the more sophisticated, AI-based, “socially engineered” phishing and imposter attempts that are now commonly used by hackers. These malicious trends have been accelerated by new AI-based platforms like WormGPT and FraudGPT, developed specifically to assist cyber criminals in creating more devastating attacks that can circumvent SEG filters.
In contrast, API-based cybersecurity solutions that leverage advanced AI can interpret phrasing; flag content with dangerous keywords; and even identify threats in PDF attachments, images, and QR codes. SEG-based blacklisting and whitelisting simply can’t accomplish this.
“Most executives are unaware that even some of the market’s top tier security providers are still using SEG-based blacklisting as their main line of defense, instead of more sophisticated, API-based models with advanced AI tools. Those older solutions were designed long before the more complex, AI-generated hacking techniques came into being, so they’re not built to address them,” continued Hendler. “Some of our prospects have been shocked to see the volume of threats that pass right through their legacy email filters. We’ve seen companies that were long-time Barracuda environments decide to make a major transition to Trustifi’s next-gen security suite after a ThreatScan assessment.”
