Email Security Blog

Email Security and the Upheaval of Online Crime

Markus Jakobsson August 11, 2016 Cybercrime, Email Security
Fallback Featured Image

For the last 25 years, I have been immersed in Internet security, from the mathematics of security to the psychology of it. I have pushed the envelope on cryptographic methods, user education, malware detection, improved user interfaces, and fraud detection, and have spent considerable time building models to predict the development of online crime, based on technical and psychological vulnerabilities. In addition, I have learned to identify and focus on the principal weaknesses in a system – and firmly believe that this is related to something as commonplace as email.

Email Related Crime is Exploding
Online crime is going through an upheaval. Only a few years ago, the typical online crime involved scammers email blanket bombing anybody they could reach, offering recipients discounted Cialis and posing as Libyan widows (although normally not in the same email). While such abuse is still taking place, this type of crime has shifted sharply to targeted attacks, whether involving malware used for extortion or using social engineering to extract money or proprietary data. The move to targeting, fueled by breaches and a dearth of public information, increases yields by making the messaging more credible and by circumventing traditional security technologies. The poster child of targeted email attacks is business email compromise (BEC), which the FBI reports has increased 1300% since 2015. Email is an indispensable tool for enterprises and individuals … and for criminals.

Nobody Measures the Indirect Losses
It is difficult to correctly assess the direct losses due to online crime since many of these crimes go unreported. It is even harder to assess indirect losses: an organization can attempt to measure the lost productivity resulting from employees erasing unwanted emails, but it is almost impossible to determine the cost of lost trust. While hard to measure, though, it is safe to say that the indirect losses are likely to balloon at a pace similar to that of the direct losses, and that when an inflection point of the latter is reached, the indirect losses will spiral out of control.

Why Agari Matters
Everybody understands “location, location, location” in the context of real estate. The same principle holds for Internet security. And this is where Agari affects most of us, every day. The Agari Email Trust Platform has visibility into 10 billion email messages every day, and protects 70% of global inboxes. The platform is trusted by leading Fortune 1000 companies to protect their enterprise, partners and customers from advanced email attacks. These companies include six of the top 10 banks, five of the world’s leading social media networks and a wide range of government institutions. With Internet crime on the rise, Agari is at the heart of fighting back.

This is why I am excited about joining Agari as Chief Scientist. It is my job to identify new trends of crime, help design new detection tools and push back on the tide of abuse. It is a humbling task, and I am under no illusions of the existence of a silver bullet — but Agari is the right place to maximize the impact of the effort.

The Agari Email Trust Platform combines a unique, identity-based approach to email security with the world’s largest footprint of email traffic, to provide unequalled visibility into global email traffic. With the Agari Trust Analytics engine, the platform is able to identify and isolate cyberattacks by building behavioral ‘trust models’ based on the identity of the attacker. These models enable organizations stop email attacks that spoof any trusted domain, including their own, to ensure that their employees, partners and customers only interact with trustworthy email messages.

Thanks very much to Ravi, Pat and the entire team at Agari for inviting me to be part of this exciting company. You can read the full news release here.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

July 18, 2019 Patrick Peterson

Businesses Grow More Vulnerable to Email Attacks, Even with Improved Defenses

Cybercriminals increasingly use new forms of identity deception to launch an email attack to target…

Agari Blog Image

July 16, 2019 Seth Knox

Microsoft Office 365 + Agari Secure Email Cloud: All You Need in a Cloud-First World

You’ve heard the statistics… more than 70% of all business users will be provisioned with…

Agari Blog Image

July 11, 2019 Armen Najarian

Restoring Trust to Digital Communications: How Smart Communities Model the Good

Legacy email security systems are failing, as more enterprises migrate their emails to the cloud…

Agari Blog Image

July 10, 2019 Ronnie Tokazowski

‘Til Death Do Us Part… Romance Scams and the BEC Game

When we think of business email compromise (BEC), the first thing that comes to mind…

Agari Blog Image

June 27, 2019 Siobhan McNamara

The 4 Fundamentals of AI-Based Email Security

Predictive, AI-based email security is proving to be remarkably effective at protecting against today's most…

mobile image