
We Asked 8 Email Security Experts What CISOs Should Prioritize In 2025

8 email security experts share their insights.

Email Security Priorities

Email remains a primary vector for cyberattacks, so robust email security strategies are essential to protect organizational communication and data.

As we plan our defenses for 2025, how can CISOs effectively enhance email security to counter evolving phishing schemes, malware threats, and impersonation tactics?  

We asked 8 email security experts for their advice: 

Brian Reed, Senior Director of Cybersecurity Strategy, Proofpoint: To effectively defend against email attacks, organizations need a multi-layered defense strategy. Attackers are jumping across platforms and channels to infiltrate and move laterally within organizations. Implementing multi-factor authentication, targeted user awareness training, conducting regular risk assessments and ensuring overall alignment between the board and CISO would be considered a good step forward. The fact is that today’s cyber-attacks are multi-layered, integrated, and targeting people—not just technology. Thus, if you are only relying on a gateway for pre-delivery protection, or post-delivery API inspection, you need to take a more comprehensive approach than a single point of inspection. A multi-layered, human-centric approach to protecting people and data should be a priority for all organizations in 2025.


Usman Din, Director of Product Management, Cisco Security: Organizations should prioritize leveraging a supplemental email security solution with AI-driven capabilities that quickly detect and remediate these advanced threats. We recommend leveraging supplemental security tools that maximize a company’s existing investment and provide layered defenses that most rigorously defend an organization. For holistic protection, organizations should integrate their email security into larger XDR, EDR, SOAR and SIEM frameworks. For organizations using cloud-based email platforms, API-based security solutions that can integrate seamlessly with these platforms should be a priority. These solutions need to be scalable and simple to deploy, while offering enhanced threat detection specific to cloud-based email.


Angel Grant, SVP of Product Marketing Management at Mimecast: In 2025, organizations must move beyond disparate and siloed security solutions, as these will no longer provide adequate long-term protection. Instead, IT and business leaders should prioritize comprehensive security platforms that seamlessly integrate into existing systems and networks. Any holistic cybersecurity strategy is incomplete without an eye to compliance. There are many new requirements on the horizon, including the upcoming PCI DMARC deadline. Compliance needs will continue to rise in 2025 and beyond, with a greater focus on AI development and usage. By building strong foundations to guide AI adoption, organizations can better equip themselves to meet compliance standards, and, more importantly, to keep users safe and informed.


Olesia Klevchuk, Director of Product Marketing, Barracuda Networks: Deploy AI-powered email security to detect and mitigate sophisticated attacks like spear phishing and BEC. Invest in Incident Response automation – reduce response time and minimize damage with solutions capable of automated post-delivery remediation. Achieve DMARC Enforcement. Improve email authentication to prevent domain spoofing and protect your brand reputation. Focus on integration: Plan to integrate email security into a cohesive security architecture, including extended detection and response (XDR) solutions, which will provide unified visibility, faster threat mitigation, and compliance.


Tony Anscombe, Chief Security Evangelist, ESET: Due to the fact that both bad and good actors are utilizing AI, making full use of a mature security solution that layers and utilizes AI and machine learning will best enhance a company’s email solutions going forward. Additionally, anyone operating Microsoft 365 should prioritize complementing the environment with a third-party security solution.


Rodolfo Saccani, CTO & R&D Manager, Libraesva: A recent study commissioned by Libraesva highlights that companies are, in general, not prioritizing email security, despite 88% of the CISOs, security and IT professionals surveyed saying that their organization has experienced a successful email security attack in the last quarter. The truth is that the levels of investment, innovation, and skills needed to repel these threats are not being committed. As attackers develop even more sophisticated methods, the gap between these attacks and the ability of traditional email security methods to repel them will only widen.


Eddie Monaghan, Sales Enablement Officer, TitanHQ: First, take a close look at what solutions you currently have in place with a view to investigating how effective these solutions are with respect to the ever-evolving threat landscape. Are the current solutions using technologies like AI and LLM? When is the last time their current vendor updated the product and are they comfortable that it is fulfilling all their requirements? Also, when is their current solution due for renewal? Between 120 and 90 days from renewal date is often a good time to review options. Second – make sure that they have all users enrolled in phishing simulation campaigns that are designed to identify the latest and most sophisticated e-mail threats. And finally, ensure that MFA is deployed across all e-mail accounts using app-based authentication as opposed to SMS.


Rajan Kapoor, Field CISO, Material Security: Continue to monitor and stay on top of evolving threats. Continue to train and raise awareness. Phishing and email security trainings, simulations, and awareness campaigns are critical. Likewise, pay attention to the sources of inbound emails themselves: DKIM, SPF, and DMARC, as well as tracking known senders and domains is critical. Your inbox is a treasure trove of sensitive data, and your shared files even more so. Ensure you have visibility into what confidential, regulated, and mission-critical data exists and who has access to it. All it takes is one distracted user clicking the wrong link for an email account to be breached. Take steps to make sure that even if an account is taken over, the damage an attacker can do is limited.

