Q&A: Cisco Security’s Director of Product Management On The Top Email Trends To Watch In 2025

Expert Insights interviews Usman Din, Director of Product Management, Cisco Security.

Email-based threats like phishing, business email compromise, and ransomware continue to be top priorities for security teams. “The email security landscape is rapidly evolving, with attackers adopting increasingly advanced techniques to bypass traditional defenses,” says Usman Din, Director of Product Management at Cisco Security, in a conversation with Expert Insights.

In this Q&A, Din shares his insights into the pressing challenges facing organizations in the email security space, discusses Cisco’s innovative strategies for addressing these threats, and offers key recommendations for CISOs seeking robust email protection. Din also discusses the transformative trends shaping the future of email security as we head into 2025, from AI-powered threat detection to Zero Trust integration.

Q. What are the biggest challenges facing organizations in the email security space today and how are threats evolving?  

One major challenge is the use of obfuscation techniques, such as scripting, encoding, and image-only emails, to hide malicious payloads.

Attackers often encode URLs or files to make them harder for security tools to detect, with QR codes becoming a popular way to redirect users to unsafe links and exploit the weaker defenses of personal mobile devices. Cybercriminals also conceal payloads behind known and trusted services, leveraging techniques like captchas to limit how deeply automated systems can analyze URLs, effectively bypassing reputation-based and crawling defenses. 

Business Email Compromise (BEC) attacks have also evolved with the use of generative AI, enabling attackers to craft deepfakes, including synthetic videos and voice memos, to impersonate executives and create urgent calls to action. 

These AI-powered tools are also used to compose highly convincing and personalized phishing emails, making them more difficult for recipients to identify as fraudulent. To address the growing sophistication of email threats, organizations must adopt multi-layered security strategies that combine advanced detection technologies with user education. 

Q. How does the Cisco Secure Email platform help teams to address these challenges, and how do you differentiate the platform in this competitive space? 

Over the past five years, Cisco has systematically implemented its Secure Email strategy to address these challenges head on. Recognizing customers’ new requirements, Cisco decided to develop a supplemental email security solution that collaborates with Microsoft. 

Secure Email Threat Defense uses Machine Learning and Deep Learning models to understand the intention of a message, who is sending it, and if the sender is pretending to be someone they are not. 

We can learn what a legitimate message looks like and identify the parts of an email that indicate malicious intent, making it easier to predict those markers and assure that legitimate messages go through. This is accomplished by generating signals based on data-driven detections that are then leveraged to create a verdict. 

However, a single signal does not provide enough information to decide the intent of a message; rather, it’s the collective detection of a cluster of techniques and contextual understanding of the language in a message. Importantly, Email Threat Defense uses AI in the relationship mapping between senders and recipients. 

This insight, which continues to evolve over time, helps to identify anomalies quickly in the communication style, frequency, and content, which might indicate the presence of a threat. Email Threat Defense also leverages AI to detect the impersonation of users and brands and identify threats within QR codes and images. 

Q. What are your top recommendations for CISOs in the process of looking for an email security solution?  

We encourage CISOs to research solutions that provide the most advanced AI capabilities and demonstrate a clear and strategic roadmap for continued AI-driven innovation. Email Threat Defense helps customers to evaluate their existing email security solution, discover gaps, and rectify those with a quick and simple implementation. 

While AI has immense potential to enhance security, firms without robust data protection policies risk exposing sensitive customer information. If customer data used to train AI models is not properly safeguarded, it could lead to breaches or misuse, undermining trust and compliance. Additionally, over-reliance on AI without proper human oversight can result in missed threats, especially as attackers adapt and test their methods against AI detection systems. 

We recognize that CISOs struggle with the disparate and growing number of security solutions in their ecosystems, so we purposely created a way to simplify vendor management while attaining higher levels of security across an organization. Email Threat Defense is a key part of both the User Protection and Breach Protection Suites that streamline operations and increase security efficacy. 

Q. What trends do you expect to see in the email security space in 2025? 

As threat actors grow more sophisticated and organizations face increasing regulatory pressures, we expect to see some new (and not so new!) trends in email security for 2025:

  • Increased focus on AI-powered threat detection and response  

We will see an increased reliance on AI-powered threat detection and response as attackers use AI and machine learning to craft convincing phishing emails and automate their attacks. Advanced email security solutions will leverage AI to detect behavior-based anomalies, identify unusual email patterns, and respond more quickly to emerging threats. 

However, this shift also raises concerns about over-reliance on AI, particularly when it comes to supervised learning models. These models depend heavily on labeled data, which can introduce biases or vulnerabilities if the training data is incomplete or flawed. 

Sophisticated threats such as BEC and phishing will remain prevalent, but they are evolving into more targeted and elaborate attacks. The rise of “deepfake phishing” is a significant concern, as cybercriminals use AI-generated audio and video to impersonate executives or trusted partners, enhancing the effectiveness of social engineering tactics. These attacks often span multiple channels, blending email with phone calls or video messages to manipulate targets and bypass traditional detection systems.

  • Growing use of obfuscation techniques 

We expect to see an increased use of obfuscation techniques, such as Scalable Vector Graphics (SVG), which leverage code to render images, effectively concealing malicious payloads from conventional scanners and even advanced image recognition tools.

Additionally, more phishing campaigns will rely on image-only emails, which complicate detection and require costly and resource-intensive extraction and analysis to identify threats. These images are often used to deliver fake invoices or other fraudulent documents, complete with call-back numbers designed to lure targets into scams and extract funds.   

Another example of obfuscation is the use of Unicode and other formatting techniques to bypass detection mechanisms. Unicode can be manipulated to disguise malicious links by visually altering characters or injecting hidden code, making URLs appear legitimate to both users and security systems. Attackers are also leveraging unconventional text encodings and formats to obfuscate payloads further, slipping past filters that rely on standard character and syntax detection.

  • Rising demand for API-based and cloud-native email security solutions

As organizations shift to cloud-based email platforms like Microsoft 365 and Google Workspace, demand will increase for API-driven, cloud-native email security solutions that offer easy integration and scalability. These solutions will also benefit from simplified management and the ability to offer advanced threat detection at scale.

  • Zero Trust integration with email security  

The Zero Trust security model is becoming standard in many organizations, and email security will need to align with this approach. Expect email security tools to include more features that support Zero Trust, such as continuous monitoring of user behavior, contextual access controls, and advanced verification. 

  • Increased use of post-delivery protection and remediation  

As sophisticated phishing emails bypass traditional security filters, more focus will be placed on post-delivery protection. This includes capabilities to detect, quarantine, and remediate threats after they reach the inbox, allowing security teams to neutralize threats before they cause harm. 
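A defender-side check for the Unicode link disguises mentioned under the obfuscation trend above, given as an added example that is not part of the interview and not Cisco's detection logic. The function names and sample URLs are constructed for illustration, and the script of each letter is approximated from its Unicode character name.

```python
import unicodedata
from urllib.parse import urlsplit

def _scripts(label):
    """Scripts of the letters in a label, read from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def inspect_url(url):
    """Return a sorted list of findings for one URL extracted from a message body."""
    findings = set()
    # Format characters (category Cf) such as zero-width spaces render as nothing
    # but change the string a filter or a user believes they are looking at.
    for ch in url:
        if unicodedata.category(ch) == "Cf":
            findings.add(f"invisible-char:U+{ord(ch):04X}")
    host = urlsplit(url).hostname or ""
    for label in host.split("."):
        shown = label
        if label.startswith("xn--"):
            # Decode the punycode form so the check sees what a browser may display.
            try:
                shown = label[4:].encode("ascii").decode("punycode")
                findings.add(f"punycode-label:{label}")
            except UnicodeError:
                findings.add(f"bad-punycode:{label}")
                continue
        scripts = _scripts(shown)
        if len(scripts) > 1:
            # Letters from more than one script in one label is the classic lookalike sign.
            findings.add("mixed-script:" + "+".join(sorted(scripts)))
    return sorted(findings)

# Constructed sample URLs (not taken from any real campaign).
SAMPLES = [
    "https://login.example.com/reset",        # plain ASCII
    "https://p\u0430ypal.example/login",      # Cyrillic U+0430 in place of Latin "a"
    "https://exam\u200bple.test/invoice",     # zero-width space inside the host
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), inspect_url(sample))
```

A single-script non-Latin hostname is not flagged by this check, so legitimate internationalized domains pass; pairing it with an allow-list of expected brands is left to the surrounding pipeline.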

Q. In your view, what should organizations’ top email security planning priorities be for 2025? 

1. Use Layered Security for Maximum Protection 

As bad actors use more sophisticated AI methodology to increase their chances of a successful email-based attack, it’s even more important for organizations to deploy AI detection capabilities to thwart them. As the threat landscape continues to grow and morph, it becomes more urgent to utilize continuously evolving and more comprehensive threat detection. 

Organizations should prioritize leveraging a supplemental email security solution with AI-driven capabilities that quickly detect and remediate these advanced threats. We recommend leveraging supplemental security tools that maximize a company’s existing investment and provide layered defenses that most rigorously defend an organization.

2. Integrate email security with XDR, EDR, SOAR, and SIEM platforms 

For holistic protection, organizations should integrate their email security into larger XDR, EDR, SOAR and SIEM frameworks. Cisco Breach Protection Suite provides an integrated approach to security that empowers teams to stop attackers quickly, before the damage is done. 

Designed by security practitioners for security practitioners, it unifies threat detection, investigation, mitigation, and hunting solutions by integrating the Cisco security portfolio and select third-party tools across endpoint, email, network, identity, firewall, and cloud to reduce the time it takes to identify and remediate threats.  

3. Focus on Cloud-Native Security for Hybrid Work Environments 

For organizations using cloud-based email platforms, API-based security solutions that can integrate seamlessly with these platforms should be a priority. These solutions need to be scalable and simple to deploy, while offering enhanced threat detection specific to cloud-based email. 

In addition, the prevalence of remote work has led to the popular use of personal devices and protected work assets. That often leads to unseen or unprotected vulnerabilities and additional work for teams. Cisco User Protection Suite reduces the complexity of overlapping security systems, drives the zero-trust journey, and improves users’ experience with a consolidated, end-to-end approach that protects the entire organization. 

It makes it easier for IT and Security teams to protect organizations effectively and for employees to do their best work from wherever they are. By focusing on these priorities, we strongly believe organizations can build a more resilient email security posture which anticipates and mitigates the evolving threats expected in 2025. 

