In 2022, security practitioners struggled to address the growing attack surface created by their rapid push to remote work and cloud-based operations during the previous two years. Cyber criminals exploited new vulnerabilities — including those introduced by the growing use of third-party software — to launch ransomware and other attacks.

But with tools like zero trust, XDR and more automated threat intelligence tech to bolster vulnerability management, cloud, email and endpoint security, organizations fought back – and established plans to invest more to secure networks and data in the next two years.

The following is the third of a seven-part series about where security practitioners struggled and, in many cases, made headway throughout 2022. Here, we focus on their email security challenges.

Click here to download the full 2022 Cybersecurity Year in Review Report from SC Media.

Consequences of email insecurity

Security teams devoted much attention to email security in 2022, but attackers continued to have the edge, exploiting the vulnerabilities that come with remote work and it’s the explosion of business and personal devices.

Consider the compromise reported by American Airlines in September 2022. The company informed customers that a bad actor breached the email accounts of some employees in July, which led to the personal information of customers and employees potentially being exposed and accessed.

Also in September, a credential phishing attack targeted 16,000 emails at a nonprofit agency. The fraudster in that incident claimed to be the prominent charge card brand American Express and demanded that cardholders open an attachment and contact the card company immediately regarding the cardholder’s account.

Such incidents demonstrate that email security is at its core a people problem, requiring security teams to address risks that can often linger beyond the realm of their control.

The uphill struggle with email security was also captured in a CyberRisk Alliance (CRA) Business…