Decrypted | Insights from Virtru to Unlock New Ideas

Inbox vs Outbox: The Stark Difference Between Business Email Compromise (BEC) & Data Centric Security (DCS)

Written by Matt Howard | Oct 4, 2023 5:46:49 PM

Email continues to be one of the top attack vectors for cybercriminals. As organizations increase their digital collaboration with partners and vendors, it's critical to implement safeguards for both incoming and outgoing email communications. In this post, we'll explore two key email security capabilities - Business Email Compromise (BEC) protection and Data Centric Security (DCS) - and how they work together to secure your inbox and outbox.

What is Business Email Compromise (BEC)?

BEC refers to a type of cyberattack where criminals impersonate trusted contacts like executives or vendors to trick employees into sending money or sensitive data. Black hat tactics include:

  • Spoofing - Disguising an email to make it appear to come from a legitimate source.
  • Phishing - Sending emails with malicious links or attachments that install malware.
  • Social engineering - Manipulating victims through persuasive language.

BEC products focus on securing the enterprise inbox from these external email threats.  With BEC protection, organizations can filter out dangerous emails before they ever reach an employee's inbox. Key features including:

  • Automated threat detection - Using AI and machine learning to spot imposter emails and block malware.
  • Policy enforcement - Setting rules to quarantine suspicious messages.
  • Reporting - Providing visibility into BEC attack campaigns targeting the organization.
  • Awareness training - Educating employees on identifying fraudulent emails.

What is Data Centric Security (DCS)?

While BEC protects the inbox, DCS focuses on securing an organization's outbox. It helps control sensitive data shared through email and other collaboration channels.  DCS capabilities include:

  • Data discovery - Automatically detecting sensitive or regulated data such as PII, financials, or IP.
  • Data classification - Tagging and labeling emails and files containing sensitive data.
  • Policy enforcement - Blocking restricted data from being emailed externally or implementing digital rights management.
  • Access controls and Encryption - Securing sensitive email content and attachments and guaranteeing that data shared externally can be accessed ONLY by intended recipients.
  • Audit trails - Monitoring who accessed confidential data.

With a DCS solution, organizations can reduce data leakage via outbound email.  But, most importantly, DCS products enable organizations to do more business -- by giving them the confidence to share sensitive data externally without sacrificing security, privacy, or compliance.

Keep Out Bad Guys vs. Get Business Done

While BEC products protect your email inbox from external threats, DCS does two very different, and very important things for the email outbox:

  1. prevents sensitive data from accidentally leaving your business
  2. protects sensitive data that must be shared externally in order to get business done

Using the two solutions together provides a defense-in-depth approach to email security.

In today's evolving threat landscape, the best organizations are embracing advanced safeguards to govern risk associated with both entry and exit points.  Recently, I had a customer explain it to me this way: 

"BEC products represent one side of the email security coin; and they're all about keeping bad guys out of your inbox.  DCS products represent the other side of the coin; and they're all about wrapping security and access controls around sensitive pieces of data so you can confidently share stuff externally and get more business done."

At Virtru, we do not offer BEC solutions, but we are the best in the world at delivering simple and affordable DCS solutions to protect your email outbox.  Go here to schedule a demo and learn why more than 8,000 customers trust us for data centric security.