Download The Mobile Messaging Enablement Guide for Security and Compliance  Teams Today

Executive Summary

With the evolution of cyber threats extending beyond email, the urgent need for comprehensive organizational security measures has become evident. The projected growth of business email compromise from $1.1 billion to $2.8 billion by 2027, and the statistic that over 75% of targeted cyberattacks are initiated via email, highlight this urgency.

Traditional security measures, primarily email-focused, fall short in today's era of omnichannel communication. Employee disregard for security protocols and the personal cost of threats amplify the need for more robust defenses.

Integrated Cloud Email Security (ICES), introduced by Gartner in 2021, offers enhanced security against sophisticated attacks. ICES employs natural language understanding (NLU), natural language processing (NLP), image recognition, and APIs for email content analysis, bypassing the need to change Mail Exchange (MX) records.

However, as threats have spread beyond email, we need to transition to Integrated Cloud Communications Security (ICCS), which secures the entire communication technology stack. It's essential to employ cybersecurity solutions that detect and prevent a broader range of phishing attacks across all business channels, identify at least 50 languages automatically, and utilize platforms for accurate, scalable security and compliance analytics.

The status of email inboxes across the globe is alarming. The evolution of email security threats has been swift, pervasive, and increasingly sophisticated. Businesses are grappling with a persistent deluge of threats, from spam and phishing attacks to business email compromise (BEC) exploits.

Consider the escalating market for business email compromise: it is projected to expand from approximately $1.1B last year to a staggering $2.8B by 2027​. This projected growth mirrors the growing complexity of threats against businesses' email communication systems.

Security researchers have documented a 48% surge in cyberattack attempts targeting email accounts in the past year alone. Indeed, over 75% of targeted cyberattacks initiate with an email, confirming that email is a favored point of entry for cybercriminals.

BEC attacks have emerged as a dominant threat, second only to ransomware, particularly in North American and Latin American countries. The cost of BEC attacks to US businesses has already totaled an eye-watering $2.39B in recent years.

Alarmingly, about 1 in 10 organizations (12%) in the US lack adequate coverage against cyberattacks, placing them at grave risk of significant financial damage. Furthermore, 14% of consumers have noticed unauthorized access to their email accounts, underscoring the personal cost of these threats.

Last year witnessed a 150% YoY increase in BEC attacks. In the UK, phishing attacks have emerged as the most disruptive form of cybercrime, closely trailed by the impersonation of organizations in emails or online. Advertising and marketing agencies are especially vulnerable to BEC attacks, facing an 83% chance of receiving such an attack each week.

The message for enterprises is clear: the need for robust protection from email-based threats is urgent and non-negotiable.

It's no longer just about email. The cyber threat landscape has evolved and expanded, and businesses need to keep pace. Traditional security measures that focus mainly on email are no longer sufficient in this age of omnichannel communication.

So, how should companies protect themselves? In their report, Gartner advises "Use email security solutions that include anti-phishing technology for business email compromise (BEC) protection that use AI to detect communication patterns and conversation-style anomalies, as well as computer vision for inspecting suspect URLs"​​. While this is an important step, it's just the tip of the iceberg.

For most organizations today, cyber threats like phishing are no longer confined to email. Cyber threats are now spreading beyond email. Messaging apps are being targeted by cybercriminals. They use similar social engineering techniques to exploit users' trust on these platforms. Businesses need to be aware of the risks and take steps to protect themselves.

Attacks can spread across infrastructure and channels, hopping from email to messaging apps to cloud-based platforms such as Microsoft Teams and Slack. In a 2022 report, Verizon found that 61% of organizations experienced a phishing attack in the past year. The report also found that the most common phishing attacks targeted email (83%), followed by social media (57%) and messaging apps (38%).

Impersonation attacks outside of email are becoming more prevalent due to several factors:

Email_Dark_RGBEmail Security Measures

As organizations and individuals become more aware of email-based attacks and implement stronger security measures, cybercriminals may shift their focus to other communication channels that might have weaker security or less sophisticated anti-phishing technologies.

Compliance-NextGen_Dark_RGB-1Diversification of Communication Channels

With the increasing popularity of various communication platforms such as messaging apps, social media, collaboration tools, and other online forums, cybercriminals have more opportunities to exploit these channels for impersonation attacks.

Authorization_Dark_RGBUser Behavior and Trust

Users tend to be more cautious when dealing with emails due to the well-known risks associated with phishing and impersonation. However, in other communication channels, users might have a false sense of security and be more trusting, making them vulnerable to manipulation and impersonation.

Troll_Dark_RGBSocial Engineering Opportunities

Non-email communication platforms often provide cybercriminals with additional information about users, such as their interests, social connections, and behavior patterns. This data can be exploited for targeted impersonation, making the attacks more convincing.

Mobile_Dark_RGBMobile Device Usage

The increasing use of mobile devices has led to a rise in communication through messaging apps and social media, creating new attack vectors for cybercriminals to exploit.

Visibility_Dark_RGBInadequate Security Awareness

While many organizations prioritize email security awareness training, they might overlook the importance of educating employees about potential risks in other communication channels.

AccountCompromise_Dark_RGBEase of Creating Fake Accounts

Some communication platforms might have less stringent verification processes for creating accounts, making it easier for malicious actors to set up fake profiles and impersonate others.

These trends were echoed by Dave DeWalt from venture firm NightDragon, who told us in our First Watch podcast, "Email is not your biggest system or record of communications anymore. We’re seeing 4-5 times the amount of traffic from non-email corporate channels. These are the Slacks, Zooms, and WhatsApps that we’re on, and suddenly, the vulnerability [is] there"​​.

Furthermore, these channels are far less protected than email. As DeWalt points out, "Ask a CISO how much money they’re spending on all their alternative communication channels… and the answer is [either] zero or very low. And when you look at the rise of that traffic, and you look at the rise of bots, and the ability to interact with those channels, and whole new ways of AI… We have a whole new problem coming about that I think CISOs need to be aware of."

What's worse, employees often disregard existing security protocols, especially if they feel these measures impede their ability to communicate effectively and efficiently. This is particularly true for digital natives, who frequently communicate via channels outside of email and may resist security protocols for a variety of reasons, including concerns about productivity, privacy, and stress​.

Moreover, cybercriminals are targeting high-value individuals on LinkedIn, Telegram, and WhatsApp to infiltrate enterprises, further amplifying the risks. Employers struggle to enforce mandates and policies while balancing cyber risks against employees' data privacy.

To address this growing challenge, companies need modern digital compliance strategies that cover all of an enterprise's communications, from email to social media to mobile chat and collaboration tools. These strategies must be efficient, cost-effective, scalable, and capable of identifying compliance issues and language-based risks​​.

The stakes are high. The Business Email Compromise (BEC) market, which serves as an indicator of the scale of email phishing threats, is projected to reach USD 2.8 billion by 2027, growing at a CAGR of 19.4% during the forecast period​. And that's just email. The risks and costs associated with non-email channels are likely to be much greater.

In short, it's clear that cyber threats have moved beyond email, and companies need to adapt their security strategies accordingly. It's time for a smarter, more modern approach to digital compliance.




In the realm of email security, a new approach has emerged to combat advanced phishing threats and enhance overall protection. Integrated Cloud Email Security (ICES) is positioned as a crucial defense against sophisticated attacks that can bypass traditional email security controls. However, it's essential to note that ICES primarily addresses email threats. As our digital communications extend beyond email, a broader security strategy is required to ensure comprehensive protection. Before we delve into this wider strategy, let's first explore what ICES entails and why it plays a critical role in an organization's overall digital security.

Gartner introduced ICES in 2021 as a cloud-based program designed to secure emails. Unlike traditional Secure Email Gateways (SEGs), ICES leverages advanced techniques such as natural language understanding (NLU), natural language processing (NLP), and image recognition to detect anomalies in emails. By using APIs, ICES solutions can analyze email content without requiring changes to the Mail Exchange (MX) record. This results in faster deployment, quicker time-to-value, and seamless integration with existing email infrastructure.

What sets ICES apart is its ability to provide real-time prompts that reinforce security awareness training (SAT). This proactive approach helps educate users and strengthens their ability to identify and respond to potential threats. Additionally, ICES solutions can detect compromised internal accounts, mitigating the risk of insider threats.

As the threat landscape continues to evolve, organizations are shifting their focus to cloud email providers' built-in protection capabilities. Gartner predicts that by 2023, at least 40% of organizations will rely on these capabilities rather than traditional SEGs, marking a significant shift in email security strategies. Furthermore, Gartner forecasts that by 2025, 20% of anti-phishing solutions will be delivered via API integration with the email platform.

ICES solutions seamlessly complement cloud productivity suites, offering comprehensive email protection. Evaluating an ICES solution involves considering various elements, including time-to-value, return on investment, installation and management efforts, false positive rates, machine learning technologies for social engineering detection, scanning and analysis of conversation history, security training reinforcement, and API integration with Extended Detection and Response (XDR) or Security Information and Event Management/Security Orchestration, Automation, and Response (SIEM/SOAR) solutions.

By embracing ICES as part of their email security framework, organizations can strengthen their defenses, safeguard sensitive information, and proactively mitigate email-based threats. In the next section, we will explore another critical aspect of modern digital compliance: safeguarding sensitive data across collaboration and messaging platforms.

As the threat landscape evolves, solely focusing on email security is no longer sufficient to protect organizations from sophisticated attacks. It's crucial for companies to elevate their approach from Integrated Cloud Email Security (ICES) to Integrated Cloud Communications Security (ICCS). This strategy encompasses securing the entire communications technology stack, going beyond emails. By adopting an ICCS strategy, enterprises can strengthen their overall security posture.

Osterman Research emphasizes the need for security professionals to broaden their scope of protection. They state, "As phishing spreads to these new tools — often driven by account credential compromise — IT and security professionals will have to spend even more time addressing threats and seeking to eradicate threat actors from their other services". Similarly, Gartner suggests including API-based ICES solutions when evaluating email security. This approach simplifies evaluation and provides additional visibility into internal traffic and other communication channels, reducing the risk.

To stay ahead of the expected surge in phishing attacks, enterprises must take proactive measures now. By doing so, they can free up their cybersecurity staff to focus on more strategic initiatives. It's crucial for organizations to seek more capable solutions that can detect and prevent a broader range of phishing attacks. This includes advanced threats like polymorphic phishing, where attack emails constantly change in an attempt to evade detection, and nested threats that hide within seemingly benign files or links. By preparing for these evolving challenges, companies can ensure robust protection across all their digital communications. Instead of being limited to protecting email alone, companies should look for holistic solutions that safeguard all communication and collaboration tools.

A holistic approach to IT security is essential because threat actors have equal opportunities to infiltrate systems through collaboration tools and apps as they do through email. Therefore, organizations need to protect all communication channels. This is why the approach is called Integrated Cloud Communications Security, as it encompasses all communication technologies.

To achieve comprehensive security, enterprises require cybersecurity solutions with specific capabilities and functionalities. These solutions should cover all security gaps, extending beyond email. Key capabilities include:

Zero Trust_Dark_RGBChannel Coverage & Cross-Channel Event Correlation

Detection of business communication compromise, including sophisticated attack campaigns that span across email and other business channels such as collaboration platforms, chat applications, conferencing tools, social media, and mobile chat.

Language_Dark_RGBMultilingual Natural Language Processing (NLP)

Auto-detection of at least 50 languages to ensure universal coverage across geographic markets.

Remediation_Dark_RGBNLP Maturity

Solutions with Natural Language Understanding (NLU) and Machine Learning (ML) capabilities, leveraging a platform that develops accurate and scalable analytics for security and compliance.

By adopting an ICCS strategy and investing in solutions with these capabilities, organizations can enhance their cybersecurity posture, mitigate risks, and protect their sensitive communications.

The modern digital landscape presents an ever-evolving array of threats, necessitating an equally dynamic and adaptive approach to cybersecurity. Today's organizations must move beyond traditional, email-focused security measures and embrace a comprehensive strategy that safeguards all modes of digital communication. With the rise of business communication platforms beyond email, it's imperative that cybersecurity strategies evolve in tandem.

Investing in an Integrated Cloud Communications Security (ICCS) strategy and associated solutions not only defends against current threats but also future-proofs organizations against the evolving cyber risk landscape. By incorporating advanced techniques such as multilingual natural language processing and cross-channel event correlation, businesses can achieve robust, comprehensive protection. Thus, an ICCS strategy is not merely a trend — it's a strategic necessity in the face of today's complex and pervasive cyber threats.

As the digital world continues to grow and transform, the organizations that anticipate changes and adapt their security strategies accordingly will be best positioned to safeguard their assets, protect their reputations, and thrive in the new era of cybersecurity. It's time for businesses to step up their game and embrace the holistic, forward-thinking approach that an ICCS strategy provides.

When it comes to ransomware, avoiding becoming a victim is better than cure. Reducing the risk of ransomware incidents should be a priority for many businesses. However, should an organization be unfortunate enough and fall prey to ransomware, the following steps should be followed:

  1. Remove The Device From The Network.
    Ransomware on one device is bad, but ransomware proliferating through a network of devices is catastrophic. Employees should be trained to immediately disconnect their device from the network if they see a ransomware demand displayed on their screen. They should also do the same if they observe anything peculiar, such as an inability to access their own files. Employees must not attempt to restart the device; it should be sent immediately to the IT department.

  2. Notify Law Enforcement.
    Ransomware is a crime. Theft and extortion rolled into one make it a law enforcement concern. Organizations should all default to immediately contacting the police cybercrime department, should they fall victim to a ransomware attack.

  3. Use Digital Risk Protection to Establish The Scope of Attack.
    In the wake of a ransomware attack, security teams need to gather as much intelligence as they can, as fast as they can. This will help both internal IT teams and law enforcement agencies formulate a response. Enterprises should strive to figure out the nature of the attack: who is behind it, what tools they used, who they targeted and why. Answering such questions can help your IT managers and network administrators figure out the extent of the attack and protect networks from future attacks.

  4. Consult with Stakeholders to Develop the Proper Response.
    Enterprises suffering a bad ransomware attack need to answer a host of questions: Can they afford to lose access to the targeted files, either because they have been backed up, or because they are not of the highest priority? Can the organization afford the ransom? Is there any room for negotiation? All stakeholders, from shareholders to legal counsel, should be consulted.

  5. Get the Post-Mortem Right.
    The best way to resist a ransomware threat is to have learnt from the last one. After an attack, enterprises should task their IT technicians, network administrators, and cybersecurity teams with a thorough review of the breach. A meticulous assessment of an organization's infrastructure, practices, and processes is required to discover flaws in security, and reinforce an enterprise against existing and future threats.

Fortunately, more companies are becoming smart enough to not give in to the threat of ransomware. As of Q4 of 2020, the average ransom payment is down by 34% ($154,108) from $233,817 in 2020’s Q3.

The dramatic decline can be attributed to the recent instances of malware attacks where, instead of being deleted, the stolen data is released publicly, even when the affected organization or individual pays. Now, more victims of cyber extortion are saying “no” to ransom payments, and are becoming smarter in their cybersecurity efforts by creating backups of their data and following best practices.

Hopefully, moving forward, more companies will proactively secure their data by following the best practices stated above and continue to resist being strong-armed by ransomware attackers. When cyber extortion loses its profitability, organizations win.



With proper communication risk protection, organizations can detect and nullify ransomware threats before they become an issue. The SafeGuard Cyber platform can keep pace with the scale and velocity of modern digital communications, and detect phishing links and other indicators of ransomware attacks across the full suite of cloud applications. Threats are instantly flagged and quarantined before an unsuspecting human target clicks on anything dangerous.

Secure Human Connections

Ready to see how SafeGuard Cyber secures modern communication apps wherever they exist?