The vast majority of CISOs (chief information security officers) do implement email security.
However, there’s an incipient problem, an elephant in the room, that needs to be addressed.
CISOs are often blindsided by this problem, they just don’t see it at all.
The problem is that CISOs do not know whether or not their email security is actually working and if so, to what extent.
When asked about how they know that their current level of email security is providing the correct level of protection, many CISOs simply lack an answer. They’ve got nothing.
In one recent conversation, a CISO said to me, “I don’t know if we have a problem with email or not.”
They do not know about the number of dangerous links clicked on.
They do not know if the number of phishing emails coming in is increasing or decreasing.
And they are not improving rules around quarantining or releasing emails.
They are not even in the operational space.
Despite about 90% of cyber attacks originating from an email, it is seen as a black box.
Why CISOs aren’t seeing email risk
While CISOs can automate 99% of email security management, allowing automation to do the heavy lifting, there is still 1% of…
