Nikul Patel, Director Analyst at Gartner, warns that phishing threats are escalating as attackers leverage AI to evade legacy email defenses. He stresses the need for a multilayered strategy combining SEG, ICES, DMARC, identity protection, and user awareness to counter these sophisticated attacks.
Attackers are increasingly using large language models (LLMs) to drive down the cost of phishing attacks by more than 95%, resulting in a higher return on investment from phishing and a surge in the frequency, variety and sophistication of these threats. Even as organizations work to upgrade or replace their email security solutions, many continue to face persistent challenges in safeguarding themselves against these advanced attacks.
A key issue is the lack of coordination among chief information security officers (CISOs) and the teams responsible for infrastructure, operations, security program management and security operations. This disconnect can create gaps in email security prevention, protection and response measures, leaving organizations exposed to blind spots. Traditional email security solutions are struggling to keep up, as business email compromise (BEC), vendor email compromise (VEC) and account takeover (ATO) attacks become more evasive and difficult to intercept.
To address these evolving threats, security and risk management leaders should adopt a multilayered email security approach that enhances coordination among teams and incorporates end-user awareness, helping to strengthen and sustain robust email security.
Selecting the Right Email Security Solution for Your Organization
When evaluating your organization’s email security needs, it is important to understand the differences between Secure Email Gateway (SEG) and Integrated Cloud Email Security (ICES) solutions. The shift to cloud-based email and the increasing sophistication of threats have driven the adoption of ICES, which is designed to address modern security challenges and evolving infrastructure. The right choice—SEG, ICES or a combination—depends on your organization’s unique environment and requirements.
Understanding SEG Solutions: SEG solutions have long been the standard for larger organizations with complex, on-premises environments. Acting as an email firewall, SEGs inspect messages before delivery, filtering out known threats such as spam, malware and phishing. While some SEGs have evolved to address more advanced attacks like business email compromise and impersonation, their detection capabilities can be limited.
Exploring ICES Solutions: ICES solutions are built for the cloud, offering scalability and efficiency while leveraging advanced technologies such as AI, machine learning and natural language processing. These capabilities enable ICES to analyze email content and user behavior, making it highly effective at detecting sophisticated and evasive threats. ICES typically deploys at the API layer or through connectors, allowing for rapid proof of concept and easy integration with existing systems. For organizations seeking to strengthen their email security with minimal infrastructure investment, ICES provides a flexible and innovative approach.
Using Integrated Solutions: A growing number of organizations are adopting both SEG and ICES solutions to enhance their email security. This combined approach compensates for underperforming SEG systems and enhances defense in depth, leveraging the strengths of both strategies for comprehensive protection.
Adopting a Multilayered Approach to Email Security
While no email security solution can fully eliminate all email-based threats, organizations can significantly reduce risk by adopting a multilayered approach. This means going beyond core email security platforms to address gaps that attackers may exploit. Enhancing defenses requires collaboration across infrastructure and operations, security operations, program management and identity management teams. By aligning these functions, organizations can better prevent, detect and respond to modern email security threats. Security leaders must take the following recommendations into consideration when devising a multilayered approach to email security:
Strengthen Defenses With DMARC: A critical first step in reducing phishing and impersonation attacks is implementing Domain-based Message Authentication, Reporting and Conformance (DMARC). This protocol helps prevent domain compromise by blocking fraudulent emails before they reach users, serving as an essential layer of defense for any organization.
Prioritize Identity Protection and Account Takeover Prevention: Credential misuse remains a leading cause of cyberincidents. Focusing on how email identities are managed across email infrastructure and applications can help block attacks that evade traditional detection methods. Proactive identity protection is key to stopping account takeover attempts and safeguarding sensitive information.
Build a Culture of Security Awareness: Even with advanced technology, some phishing attempts may still reach users. Traditional security awareness training often falls short, as users may view it as a formality. Instead, organizations should focus on real-time education—providing teachable moments and timely nudges when users encounter suspicious emails. Fostering a strong security culture that values awareness, behavior and proactive attitudes is essential for a truly human-centric approach to email security.











