On July 19 2021, the Gartner® Hype Cycle™ for Midsize Enterprises report was released. According to this report, “This Hype Cycle highlights technologies with potential wide-ranging impacts based on the characteristics that define midsize enterprises (MSEs).” It further adds, “This Hype Cycle is designed to help MSE CIOs identify and programmatically apply emerging technologies to accelerate business and IT outcomes.” 
If you are a Gartner client, you can access the full report here. As a Sample Vendor listed for ‘BEC Protection’, we have compiled some takeaways from the Hype Cycle to help MSE CIOs assess the state of the email security market.
BEC Protection - a Priority for Midsize Enterprises
Business email compromise protection entered the Hype Cycle for Midsize Enterprises this year. Gartner defines the benefits of BEC Protection as ‘High’ and projects that the plateau for this technology will be reached in the next 5-10 years.
We fully agree with the inclusion of business email compromise protection technologies in the Hype Cycle. Midsize enterprises struggle with the unenviable trifecta of not enough budgets, not enough time, and not enough security personnel. Targeted attacks like BEC harm these organizations across all three aforementioned areas:
- Hitting where it hurts most: Losses connected to a single BEC attack reached as high as $984,855 last year according to the Verizon DBIR. Facing monetary losses of this magnitude can have immediate and lasting negative effects for midsize enterprises.
- Email alert fatigue: Lean security teams at midsize enterprises already have their hands full responding to scores of user-reported email threats and noisy alerts generated by legacy controls. This is a fertile environment for hard-to-detect attacks like BEC to slip through the cracks.
- An attack surface laden with workflows: Midsize enterprises have teams that wear multiple hats and constantly extend their bandwidth to get work done - and they heavily rely on email workflows to get that work done. BEC attacks often hijack the context of real workflows (e.g., password reset, vendor invoice fulfillment, file-sharing notification) and trick victims into taking action without thinking too deeply.
In the report, Gartner says:
“BEC attacks pose a significant risk to all industries. They accounted for 43% of cybercrime losses in 2020. These attacks are often relatively low-tech and targeted at valuable individuals, such as members of the accounts payable team or the CFO.” 
Other market statistics bear out the rise of BEC attacks as well. The FBI Internet Crime Report cited $1.86 billion in reported losses from BEC and Email Account Compromise (EAC) attacks. The Verizon 2021 DBIR found BEC to be the second most common form of social engineering.
Arjun, our Co-founder and Chief Architect, covers how a typical BEC attack works and common attacker techniques used here.
Fig: The rapid rise of business email compromise
The Need for BEC Protection
On the increased adoption of BEC protection technology, Gartner says:
“Traditional techniques for detecting malicious attachments or links are ineffective against BEC attacks.” 
It further adds:
“Reputation-based detection techniques are relatively ineffective because these attacks often come from legitimate email accounts with good reputations.” 
We think this resonates with the threats Armorblox is observing on tens of thousands of customer environments. Today’s adversaries research their targets, mask payloads by standing up zero-day domains with redirections, and often impersonate trusted parties to steal money and data. Attackers are also foregoing payloads altogether, focusing instead on socially engineered messages that are crafted to induce certain actions from victims e.g., asking to change direct deposit information or asking for iTunes gift cards.
Legacy security controls fall short of protecting against these attacks.
Fig: Targeted email attacks like BEC are easy to execute and slip past legacy security controls
BEC Protection Tips for Midsize Enterprises
In the report, Gartner recommends:
“Upgrade or supplement email security solutions with advanced phishing protection, including natural language processing, natural language understanding, computer vision and machine-learning-based social graph analysis.” 
Armorblox was recognized as a Gartner Cool Vendor in Cloud Office Security as well as a Sample Vendor listed in this 2021 Hype Cycle report. We have compiled some BEC protection guidance for midsize enterprises below:
1. Look for breadth and depth of detection
Organizations should complement the native features of their cloud email providers (eg. EOP for Office 365) with third-party controls that take a different approach to email security. Security solutions that look beyond just identity-based signals and email authentication can provide better protection against socially engineered emails. Relying on binary signals won’t be sufficient to detect emails that are often sent from reputable accounts, contain zero-day links or forego links altogether, and exploit the victim’s trust to steal money and data.
Armorblox uses natural language understanding (NLU), deep learning, computer vision, and other advanced techniques to understand the context of communications, enabling the platform to stop targeted attacks that get past legacy security controls.
2. Look for learning-focused systems
BEC attacks are targeted by nature, with attackers exploiting researched knowledge about you, your peers, your known vendor associates, and more. It thus stands to reason that organizations should invest in BEC protection based on systems that learn from custom organizational data and get better with time.
Armorblox studies six months of email archives for every customer and builds communication baselines that are essential to identify suspicious email communication. Armorblox also has three sets of models that are updated continuously - a global set of models across our 56,000 customers, a custom set of models per customer, and a custom set of models per user/mailbox.
Fig: Armorblox has a set of models learning across organizations, per organization, and per user
This learning-focused approach ensures protection against both global, industry-agnostic attacks and attacks that include organizational or user context.
3. When in fatigue, automate
Adding more layers of email security should not result in an increased volume of low-fidelity alerts for already overworked security teams. Email security controls that increase the relevance and reduce the volume of alerts that security teams need to review should be preferred.
Armorblox is built with ease of use in mind and automates everything that security teams were not hired to do but that ends up taking their time. Deployment happens in minutes over API. Policies come pre-built with the platform, obviating the need for manual setup and maintenance. Remediation actions can be automated and configured per threat type or user group with custom alerting.
Our aim is to take email security busywork off your hands and free up your time for more proactive cybersecurity concerns.
 Gartner “Hype Cycle for Midsize Enterprises, 2021,” Mike Cisek, Paul Furtado, Nikhil Sood, 19 July 2021
Disclaimer: GARTNER and Hype Cycle are a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.