Gartner Research Confirms Default Email Security Is Insufficient to Combat Business Email Compromise (BEC)
- by Brittany Day

Business email compromise (BEC) is a simple yet lethal attack that can have devastating effects on any business. BEC has become a favorite among cybercriminals, as these scams are simple and effective. Because the attacker spoofs a trusted user, BEC requires no malware or malicious URL to convince a recipient to share valuable information or transfer significant amounts of money into the hands of the attacker.
Gartner’s research confirms that traditional methods of securing email like built-in Microsoft 365 and Google Workspace email protection are significantly limited in their ability to detect BEC attacks because of their fundamental architecture. This article will explore why BEC attacks are so prevalent and dangerous, why default email security is not enough to protect your business from this growing threat, and the type of protection that is required to defend against BEC.
BEC: An Easy Way to Inflict Major Damage
Business email compromise attacks are a growing threat to all organizations, and are very difficult to protect against. Research done by Gartner has found that BECs have increased by nearly 100% over the past three years and experts predict the attacks will continue to double yearly. Statistics collected by the FBI’s IC3 (Internet Crime Complaint Center) reveal that there were over $43 billion in losses due to BEC between June 2016 and December 2021.
The increase in popularity stems from the simplicity of execution. Attackers need no malware or malicious URLs to manipulate a victim into sharing sensitive information or sending large sums of money; they only need to spoof a trusted user.
Default Email Security Is Not Enough to Repel BEC Attacks
Built-in Microsoft 365 and Google Workspace email protection is insufficient to stop BEC attacks, as Microsoft 365 and Google Workspace infrastructure cannot perform the per-customer contextual analysis required for the detection of most BEC attacks. Microsoft and Google have far too many companies and customers to properly monitor all accounts and understand relationships, reputation patterns and conversation-style anomalies to detect account takeovers (ATOs) and BEC attacks. In addition, Microsoft and Google’s default protection takes a static, retrospective approach to identifying potential threats, failing to safeguard against human error, which plays a critical role in successful BEC attacks.
Gartner has noted: “...due to the rise in business email compromises, account takeovers and other sophisticated attacks, many times some malicious emails are actually missed by Microsoft Defender for Microsoft 365 (MSDO)... …Therefore, organizations should strongly consider integrating third-party solutions to strengthen their email security capabilities.”
Consulting with a cloud developer can also assist with developing a security policy for your organization. Contracting with a cloud consultancy can assist with implementing that policy.
Guardian Digital’s Solution to the Ever-Evolving BEC Threat
Guardian Digital EnGarde Cloud Email Security offers complete cloud-based email protection to block BEC and other malicious, ever-changing threats. EnGarde provides all the protections crucial to stopping BEC attacks:
- Machine Learning (ML) algorithms combine with a role-based, contextual analysis of email communications to identify threats that go undetected by Google and Microsoft.
- Scanning and quarantining of all emails and files in real time using AI and ML techniques to protect against insider threats.
- Complete account takeover (ATO) protection through behavioral analysis and the analysis of hundreds of thousands of email attributes.
Key Takeaways
BEC is on the rise due to it being an easy way for cybercriminals to inflict major damage and steal large sums of money from victims. As organizations move to the cloud, attackers have followed suit. Gartner’s research confirms that default email protection and traditional methods of securing email are not enough to stop BEC attacks. The best way to protect against BEC is to deploy an adaptive, multi-layered email security solution capable of understanding your organization and protecting against insider threats and account takeovers.
Ensure your current solution remains appropriate for the changing email security landscape. Learn about EnGarde Cloud Email Security by Guardian Digital, which can protect you from ever-changing email threats like BEC.