Highlights

  • For a personal email address between Gmail and Outlook, Google most prefered from a security perspective.
  • For attackers, email is the most preferred medium to target businesses.

InQuest, a frontrunner in email security and emerging threat prevention services and solutions, unveiled the general availability of the ongoing test data recently. InQuest Labs leveraged data to assess and evaluate the security efficacy of the leading cloud-based email providers, Microsoft Office 365 (O365) and Google Workspace (GSuite).

InQuest has published a living document containing more details such as explorable graphs and access to the data used in the ongoing experiment in the Labs portal.

Pedram Amini, CTO at InQuest, said, “Look, if you’re deciding between a GMail.com vs. Outlook.com for a personal email address, there’s no doubt you’re better off with Google here from a security perspective. Drawing any conclusion beyond that becomes a little more complicated”. Here’s what the data explains:

  • In reality, about 5% to 10% of real-world threats can successfully reach a user’s inbox.
  • An ebb and flow to malware campaigns can increase this range from 1% to 40% on any given day.
  • com has turned out to be more secure than Outlook.com when it comes to personal mail.
  • While talking about corporate email, Microsoft O365 with ATP (a pay for enhancement) usually outperforms Google from a security perspective, but not every day.
  • Microsoft is good at blocking Office-borne malware, whereas Google is good at PDF and Java-borne malware.
  • The number of third-party security providers available for the Microsoft platform is more than that for Google.

InQuest is dependent on gap analysis endeavors to determine where best to focus their research and development efforts.

Michael Arcamone, InQuest CEO and Founder, said, “Our platform was born out of necessity in the basement of the Pentagon as the result of a gap analysis performed over a decade ago. When we looked at expanding our offerings from the public sector to the private sector, we went back to our roots and performed another gap analysis on the most commonly leveraged attack vector (email) targeting the private sector.”

He further added, “You can’t build or sustain a successful startup by overlapping engineering and research efforts with the big names, so we focused our team’s efforts on specific problem sets that continue to pose a significant challenge across all verticals of the private sector. What we have uncovered with the Trystero project is that there is a false sense of security projected by the major cloud-based email providers and assumed by their customers. We have empirical data to support those findings and have now put that data on display for all to see.”

Email continues to be a top medium for attackers to target businesses. According to the Internet Crime Complaint Center (IC3), email “phishing” is among the top crimes reported in 2020, more than double the number of complaints seen in 2019.

In March 2020, CSO Online stated that “94% of malware is delivered by email” and “phishing attacks account for more than 80% of reported security incidents”. Maximum of the Ransomware attacks can be traced back to an email. Undoubtedly, email has become the most leveraged vector for many successful attacks.