Starting late last year, Antigen CEO Steven Legg was joined by Antigen’s Tim De Block for a podcast in which they discussed all matters relating to cyber liability insurance and the security controls organizations need in order to be insurance-ready. If you missed an episode, just visit our YouTube page to see the original recordings!
While you are waiting for the next episode to drop, here’s an excerpt from one of our October episodes, in which Steven and Tim are discussing Email Protection, and everything that comes with it. Both the video version and text version are below. Be sure to subscribe if you found the information to be helpful!
Timothy De Block (Tim): Welcome to the Antigen Cyber podcast! I’m Timothy De Block, the Director of Advisory Services at Antigen. With me today is Steven Legg, the CEO of Antigen Security. How are you, Steven?
Steven Legg (Steven): Hey, doing well, Tim. How are you?
Tim: Pretty good, trying to get over this cold weather a bit. Just appeared here in Tennessee. I don’t know if you’ve received that cold snap up there.
Steven: Yeah, we’ve had weird weather in the last two weeks—some summer-like days and some winter-like days. Definitely interesting.
Tim: As usual. We’re here to talk about email security. First off, we need to define what email security is.
Steven: When we look at email security or any modern email security solution, we define it as a solution that includes both pre- and post-delivery protection, URL and attachment sandboxing, anti-malware or virus scanning, data loss prevention and detection, and encryption capabilities. There are various email protection products, both traditional inline email and API-based email solutions. However, we consider email protection modern only if it meets all these criteria.
Tim: So, we’re talking about email firewalls and such?
Steven: Yes, that’s correct. It includes everything you would find in a traditional spam filtering solution, along with additional features.
Steven: Indeed. Many providers now integrate AI into their threat detection capabilities. Threat actors focus on getting under the radar during the initial email, using links, or other tactics. AI helps detect these types of playbooks.
Tim: It’s a cat and mouse game; they’re always finding new techniques.
Tim: The best way to answer that is to discuss someone who undervalued email security and how it affected them. In the last 36 months, a hospital system faced a significant compromise due to relying solely on their cyber insurance policy. They hadn’t invested in proactive measures beyond basic antivirus and traditional spam protection. When compromised, it led to a full-scale compromise of their systems. The insurer found out they hadn’t maintained their Exchange Server, leading to a denial of coverage. The hospital had to pay around $6 million out of pocket for settlements, response costs, and negotiations with the threat actor.
Steven: Seems pretty standard nowadays. It’s surprising that more organizations don’t consider email security essential.
Tim: Exactly. It’s a foundational control for every organization, given the amount of communication happening over email and its critical role in most businesses.
Steven: I’ve been dealing with it for over 15 years. I remember the importance of it. I once faced a situation where we had our email gateway blocking a threat, and we had to make a business decision to open it up, leading to a malware cleanup.
Tim: Regarding costs, is email security expensive?
Steven: The cost depends on the solution. Older inline solutions can be pricier, but most modern solutions with the mentioned criteria range from $1 to $15 per month per user. It’s reasonable for the protection provided.
Tim: That’s pretty reasonable for the level of protection. Even small businesses should be able to afford it.
Steven: Exactly. Cyber insurance carriers are now requiring advanced email protection even for small businesses, recognizing it as a foundational control.
Tim: Makes sense. Is there anything to consider for heavily regulated industries, like healthcare?
Steven: Certainly. Organizations dealing with a large amount of PII or PHI transmitted electronically should focus on email protection that detects sensitive information automatically. This information is crucial for security awareness training and complying with regulations.
Tim: So, the DLP aspect, ensuring that sensitive data doesn’t go to the wrong place?
Steven: Yes, exactly. Setting up DLP rules is essential to prevent data leaks or, if sent, to detect and report on it.
Tim: Another benefit is dealing with phishing emails. It’s always interesting to see how attackers adapt.
Steven: That’s where post-delivery protection becomes critical. It allows you to go back, detect, and retrieve malicious files or phishing emails that got through initially.
Tim: It’s useful for investigations too. You can search for phishing emails, check who received them, and respond accordingly.
Steven: Absolutely. As a part of digital forensics, post-delivery protection provides valuable insights, often leading to the discovery of compromises that occurred earlier.
Tim: How do people get email security?
Steven: You can work with service providers or go directly to SaaS companies providing these solutions. When evaluating email security, consider the type of risk your organization faces. Focus on DLP, encryption, and other protective capabilities if you deal with a high volume of sensitive data. It’s a critical part of your overall cyber risk management strategy.
Tim: Great. Anything else we haven’t covered about email security?
Steven: If you haven’t implemented email security yet or are using a traditional inline product, think about how effective your solution is at preventing low-hanging fruit attacks. Consider both proactive and preventative controls for inbound and inter-office emails, along with encryption and data loss prevention technologies for sensitive data. It’s part of your business and cyber risk strategy.
Tim: Alright, well, if you have any follow-up questions or thoughts, feel free to reach out to us. You can drop comments in the chat or contact us online.
Steven: Thanks, Tim. And don’t forget to register for our first Cyber Forum event at the end of the month. More details are available on our website and social media pages. If you’re a practitioner dealing with these challenges daily, join us to discuss and beat these challenges together.
Tim: Awesome. Thanks, Steven. Take care.