Google’s Gmail Upgrade—Why You Need A New Email Account – Forbes
Gmail making the case for you to switchRepublished on January 22 with a new warning about the Generative AI tools now coming as standard from Google, Microsoft and others, and critical mitigation, as well as new security advice for those running Microsoft’s email platforms, including confirmation on end-of-support dates this year.You have been warned. The 2025 threat landscape is set for an AI revolution, and whatever defenses you have in place will almost certainly not be good enough. Nowhere is this more true than with our email platforms at home and especially at work. “Email is the most common cyberattack vector for businesses,” a new cyber insurance report has just reinforced, “serving as the most prevalent initial entry point to launch financial fraud, ransomware, and data breach attacks.”Despite all the cyber noise, sometimes a stat or datapoint still has the potential to stand out. And so it is with the latest report from At-Bay, lauding the benefits of email that’s more secure by default. Maybe there’s some hope after all.At home there are checks you can do that will help you review your settings and make recommendations — Google’s account security check-up, for example. But at work it’s more complex, given that many of these settings will fall to your IT department to control. But that flexibility comes at a price. “At-Bay strongly recommends transitioning to a cloud-based email solution to mitigate security risks and ensure proactive vulnerability management.”Nothing new here — but that transition to cloud brings the potential for increasingly game-changing defenses to be built around email and for a rethink as to how these platforms operate. We’re not there yet, but this is a step.Gmail scores well in the new report — its security upgrades in recent years are paying off in the real world data collected from actual cyber insurance claims. “Organizations that used Google Workspace,” At-Bay says, “experienced the lowest frequency of incidents on average. Compared to the overall average, Google’s claims frequency was 54% lower.” The insurer highlights features included by default “that may not be the default setting in other email solutions.” These include “real-time scanning for phishing emails and malicious attachments, automatic security updates to protect against vulnerabilities, and integrated threat intelligence to proactively identify and respond to potential threats.”Gmail might be the largest email provider on our planet with its claimed 2.5 billion users, but Workspace does not dominate at work the way Gmail might at home. The point being that there’s no need to play with settings to secure the platform, it’s “a comprehensive and robust security framework out of the box, without requiring additional attention to set up or configure.” Harder to run a comp in the wider world, but this enterprise data does provide some evidence this approach is working, and that the defaults are getting better.The question is how this will evolve to cope with new AI threats heading fast in our direction. As I’ve commented before, email is a second-rate technology that has not evolved at the same pace as almost everything else. We still see too many blatant threats skip through any and all defenses into our inboxes. It’s still to easy for anyone to ping anyone, and new AI innovations make that all the more dangerous by making those threats more realistic.We are now seeing two parallel developments. A hybrid mix of on-device and cloud screening for threats that target our phones in particular, but new AI desktops and laptops can extend this; and new safe browsing innovations that don’t only rely on centrally collated lists. It’s time for an email rethink that evolves email into a more messenger-like platform, and screens emails for threats to a level that doesn’t happen today. This is what Elon Musk has in mind with X-Mail.Realistically, Google and Gmail are best placed to do this first across a huge user base. But in the meantime, these stats are a great ad for fully managed, cloud-based email at home and at work. Whether Gmail or one of the alternatives, if this isn’t what you’re running today then the numbers would suggest it might be time to switch.On that note, the report from At-Bay will be interesting to those administering SMB or enterprise email, where traditional choices may now give way to managed alternatives for the first time. Now, as reported by Bleeping Computer, “Microsoft has reminded admins that Exchange 2016 and Exchange 2019 will reach the end of extended support in October and shared guidance for those who need to decommission outdated servers.”For those on extended support, this could well be an opportunity to explore alternatives — whether from Microsoft or others — to the traditional approaching of rolling forwards the same or next-gen option. Microsoft confirms that “customer installations of Exchange 2016 and Exchange 2019 will of course continue to run after October 14, 2025; however, due to the upcoming end of support date and potential future security risks, we strongly recommend customers act now.” The company suggests migrating to Exchange Online or Microsoft 365.“Migrating to the cloud is the best and simplest option to help you retire your Exchange Server deployment,” the company says, which is aligned with the cyber advice from At-Bay. “When you migrate to the Microsoft cloud, you make a single hop away from an on-premises deployment, and benefit from new features and technologies, including advanced generative AI technologies that are available in the cloud but not on-premises.”Microsoft’s cloud-based solutions provide a material security step-up for organizations still operating on-premise email, and At-Bay is unequivocal in recommending a move away from on-premise. The security step-up includes Exchange Online Protection (EOP), “the cloud-based filtering service that protects organizations against spam, malware, phishing and other email threats. EOP is included in all Microsoft 365 organizations that have Exchange Online mailboxes.”Listening to the cyber insurance industry when it comes to such decisions clearly makes sense. As TechRadar points out, “one of the biggest influences on the state of ransomware in the relatively short period since it really arrived just over ten years ago has been cyber insurance. Though not always to the benefit of victims, years of policy changes and updated requirements for cover have seen it make organizations much more resilient in the long run.”But it’s not all that plain and simple. There are risks in shifting to cloud-based, managed platforms that organizations will need to mitigate. One of the most blatant examples is Generative AI. Google and Microsoft are normalizing AI in their enterprise platforms. Per The Verge (1,2), “Google is bringing all its AI features to its Workspace app at no extra cost as it continues to race Microsoft, OpenAI, and others to build the AI-powered office suite of the future;” and “Microsoft is relaunching its free Copilot for businesses as Microsoft 365 Copilot Chat, complete with the ability to use AI agents.”A new report from Harmonic Security warns that while “Generative AI (GenAI) tools have become integral to modern workflows, promising efficiency and innovation, these benefits come [with] significant risks related to data security. Despite their potential, many organizations hesitate to fully adopt Al tools due to concerns about sensitive data being inadvertently shared and possibly used to train these systems. Organizations risk losing their competitive edge if they expose sensitive data. Yet at the same time, they also risk losing out if they don’t adopt GenAl and fall behind.”A tough dilemma. The researchers say they “analyzed tens of thousands of prompts going into ChatGPT, Copilot, Gemini, Claude, and Perplexity to examine data leakage trends in Q4 2024. With this data, the report provides unique insights into what types of information are being shared with GenAl tools and the associated risks.”Their key findings make for stark reading, including sensitive information being shared, such as “billing information, customer reports, and customer authentication data, employee data, legal and finance,” as well as “information on Sales Pipeline Data, Investment Portfolio Data, and Mergers and Acquisitions.”Enterprises have yet to square this circle. As I have warned before, we are still at the early, explorative stages with GenAI, and it’s understandable organizations are hesitant to open the floodgates until they’re more certain about what protective mechanisms can be put in place. Harmonic Security’s report cites research showing more than 80% of companies now worry about sensitive information leaking via GenAI tools, and almost all recognize the need for clearer governance.Stepping back, there clearly needs to be an easy brake for organizations to adopt a managed service for its security wrap, but to be more picky — at least for now — with the GenAI tools that increasingly come along with it.“Here’s the rub,” Harmonic Security concludes, “organizations risk losing their competitive edge if they expose sensitive data. Yet at the same time, they also risk losing out if they don’t adopt GenAl and fall behind. That is the quandary that we want to solve. Organizations must move beyond ‘block’ strategies to manage GenAl risks effectively.”That means real-time monitoring, visibility into the prompts being entered into GenAI tools with some protective filters added into the mix, data classification (as has existed for some time in other tools), the protection of certain classes of information from ever being shared or exposed, and — critically — user training.One Community. Many Voices. Create a free account to share your thoughts. Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.In order to do so, please follow the posting rules in our site’s Terms of Service. We’ve summarized some of those key rules below. Simply put, keep it civil.Your post will be rejected if we notice that it seems to contain:User accounts will be blocked if we notice or believe that users are engaged in:So, how can you be a power user?Thanks for reading our community guidelines. Please read the full list of posting rules found in our site’s Terms of Service.
