Article Details

Email security needs more seatbelts: Why click rate is the wrong metric. So many security teams still measure phishing with the click rate. It’s easy to track and easy to put in a slide deck, but it’s also misleading. Measuring clicks is like "measuring the tide coming and going"—it fluctuates naturally and rarely predicts real-world impact. The more meaningful question is the one most programs can’t answer: If an attacker gets into a mailbox, how much damage can they do? That is your true maturity metric. Not completion rates, and not who remembered to hover over a URL. Even if your click rates are minuscule, all it takes is a single employee not paying attention. Not to mention the growing prevalence of inbox breaches that occur without any phishing attack at all. Phishing is just one possible entrance; the crisis happens next In the incidents that keep CISOs awake, phishing is just how access is obtained. The real problem is what happens once an attacker is inside: MFA isn't a silver bullet here—there are plenty of ways into a cloud workspace that bypass it entirely. If compromises are inevitable, the goal shifts from perfect prevention to resilience. Secure Your Google Workspace Without the Guesswork By implementing automated remediation workflows for your cloud workspace, Material Security handles the tedious stuff—like clawing back sensitive attachments or revoking risky third-party app permissions—without requiring manual intervention for every event. The layered approach to resilient email security Most email security tools on the market today focus solely on stopping inbound attacks–prevention. And this is of course critical–but it can’t be the only protection. Modern attacks move too fast, they come at too great a scale, and they’re too sophisticated. Any program relying on inbound protection alone is insufficient. Most organizations do fairly well at prevention, though often too limited in scope. More mature organizations have some detection and response capabilities. But very few effectively manage containment. The missing layer: containment Containment isn’t glamorous and doesn’t fit neatly into an existing security category. But it can also have an incredible impact on the severity of a breach. Think of it this way: prevention is maintaining your car, driving safely, and avoiding accidents. Detection and response is making sure everyone’s OK and calling for help after an accident. Containment is the seatbelt and airbags: the safety measures that make the crash less catastrophic. Containment isn't a slogan; it’s a set of pragmatic controls aimed at an attacker's post-compromise goals: Moving beyond manual triage The hurdle for most teams is time. No one has the bandwidth to manually audit every file permission or triage every user report. If you're serious about containment, you need systems that do the boring work automatically—detecting risks and remediating them in the background—so your team only steps in when judgment is actually required. What to measure instead If click rate is just the tide, these metrics actually reflect your risk: Email security has spent years obsessed with the front door. It’s time to start asking: if an attacker is in a mailbox right now, what can they do in the next ten minutes—and how quickly can you take that power away? See how Material Security automates containment. Sponsored and written by Material Security.