In this guest blog post, Craig McDonald, CEO of MailGuard, explains how MailGuard 365, available exclusively in Microsoft AppSource and Azure Marketplace, works inside Microsoft 365 to identify and neutralize email threats.
Two years on from the onset of the COVID-19 pandemic, many businesses have shifted partially or fully to remote work. This increase in distributed remote workforces has widened the global threat landscape, enabling cybercriminals to take advantage of security gaps as companies continue to evolve their cybersecurity defenses.
Beyond the pandemic, and prior to the conflict in Ukraine, the WEF Global Risk Report 2022 foreshadowed “widening geopolitical fractures risk being another force for global divergence.”
For the first time in many years, technological risks took a back seat to economic and health concerns. The WEF cautioned the shift may signal a blind spot in the priorities of business leaders, like so many fatigued by the challenges of the pandemic, along with deep social and political divisions. The report suggests “growing digital dependency will intensify cyberthreats.” It also claims, “Growing dependency on digital systems – intensified by COVID-19 – has altered societies. Over the last 18 months, industries have undergone rapid digitalization, workers have shifted to remote working where possible, and platforms and devices facilitating this change have proliferated.
At the same time, cybersecurity threats are growing – in 2020, malware and ransomware attacks increased by 358 percent and 435 percent, respectively – and are outpacing societies’ ability to effectively prevent or respond to them.”
One of the largest attack vectors is email-based attacks, with business email compromise (BEC) attacks accounting for almost $2.4 billion in losses in 2021 in the United States.
Often overlooked is the human element that’s at play in every cyberattack. And as the global threat landscape worsens, this has never been truer. People are working in hybrid and distributed workforces with fewer resources at their disposal for support and juggling the changing demands, distractions, and stresses of their daily lives. This makes them more susceptible than ever to clicking a link or downloading a file mistakenly. We’re not only talking about ransomware or phishing attacks, but sophisticated targeted attacks like BEC can mean sensitive credentials may be obtained by cybercriminals without a business even knowing.
To bolster the protection available against email-borne security threats in Microsoft 365, we worked together with the team at Microsoft to develop MailGuard 365. It sits inside Microsoft 365 as the last line of defense, re-scanning emails to stop anything malicious that may have slipped through. Working in the native Microsoft 365 environment, it moves threats to the employees’ junk and deleted items just like Office 365, so there is no additional burden on admins or business partners. Most important, it keeps your team and your business safe. You can see the threats that slipped through your upstream defenses and were blocked by MailGuard 365 in your dashboard.
The acceleration of email-based cybercrime, specifically phishing, ransomware, and BEC attacks, remains a primary concern for business leaders and information security professionals. Last year, the Federal Bureau of Investigation (FBI) warned U.S. private sector firms about a rise in BEC attacks targeting government entities. Attacks have escalated since the onset of the COVID-19 pandemic and the mass shift to remote work, with “spoofed emails, phishing attacks, vendor email compromise, and credential harvesting techniques” being used to manipulate users. The warning reiterates findings from several reports that point to a rise in malicious emails targeting organizations across the globe – regardless of size or industry.
For instance, the Microsoft Digital Defense Report 2021 found that:
- In past years, cybercriminals focused on malware attacks. More recently, they have shifted their focus to phishing attacks as a more direct means to achieve their goal of harvesting people’s credentials. Approximately 70 percent of data breaches are a result of phishing, but basic security hygiene could prevent up to 98 percent of attacks.
- Phishing isn’t the only tool cybercriminals are using. There are more than 25 different types of malicious email techniques in addition to phishing.
At its onset, the pandemic led to a fundamental rethinking of how remote access was approached, but it’s key to remember the transition to new environments and secure ways of working is ongoing. Cybercriminals continue to exploit the tiniest gaps in cybersecurity strategies as businesses continue evolving their responses to keep their data and employees safe.
Because email is a critical business tool, and arguably the most important means of communication among many organizations, it remains an attractive target for cybercriminals looking to infiltrate networks and steal valuable data.
It’s imperative for organizations to constantly challenge, redevelop, and refine their security strategies, which are as multifaceted as the infrastructure they are designed to protect. The risks are immense, and expensive. The FBI’s Internet Crime Report 2021 found Americans lost over $6.9 billion to cybercriminals and scammers in 2021. And again, BEC attacks were by far the biggest source, totaling $2.4 billion across 19,954 complaints.
Experts recommend adopting a multi-layered approach to email security. In its 2021 Market Guide for Email Security, Gartner reports that “35 percent of client organizations that move to Office 365 are supplementing its natively available email security capabilities with a third-party product.”
That was the rationale behind building the MailGuard 365 add-on for Microsoft 365. Uniquely complementing upstream security services like the Microsoft 365 security stack and other third-party email security vendors, MailGuard 365 was co-built with Microsoft to protect more than 345 million Microsoft 365 users worldwide against advanced criminal intent email threats like phishing, ransomware, and business email compromise. A Microsoft Preferred Solution, MailGuard 365 delivers defense-in-depth email security, stopping up to 15 percent more threats when combined with Microsoft 365.
Exclusive to the Microsoft commercial marketplace, MailGuard 365 is a fully transactable SaaS offer in Microsoft AppSource and Azure Marketplace. For its many customers that trial and implement the solution, MailGuard 365 has already stopped copious amounts of email threats. MailGuard 365 can also be used to contribute toward eligible organizations’ Azure consumption commitment.
Combining decades of specialized email security expertise and IP from MailGuard with Microsoft Azure and Azure Machine Learning Studio to bolster the evolution of email threat detection, MailGuard 365 was co-developed by Microsoft gold partner MailGuard and Microsoft. The solution integrates MailGuard’s proprietary threat detection IP with Microsoft 365, delivering a native Microsoft user experience.
Unlike traditional vendor solutions, MailGuard 365 works inside Microsoft 365, re-scanning every email that lands in an inbox for new criminal intent threats after it has passed through customers’ Microsoft 365 security stack and any other third-party email security vendors. This enables transparent, evidence-based reporting, demonstrating the additional threats stopped. Businesses can see any malicious threats and the employees that are being targeted. Featuring a free 30-day trial, MailGuard 365 offers an email security health check that can enable security teams to measure the effectiveness of their cybersecurity strategies.