Email Security: Using AI to Prevent Business Email Compromise

Michael Cichon, June 6, 2019, Email Security

Business email compromise (BEC), phishing, and ransomware are growing ever-more targeted and personalized, changing the face of email security from an event that happens at email delivery to a continuous process of detection and remediation.

As enterprises move email to the cloud, more of these attacks are never-before-seen, zero-day events targeting unreported security gaps. Others arrive as plain-text messages or involve malware or trojans customized in any of hundreds of variations to evade detection. A few leverage legitimate URLs with time-bombed links that redirect only after an email is successfully delivered.

Almost all leverage sophisticated social engineering ploys to spark just enough curiosity or anxiety to manipulate recipients into revealing sensitive information, surrendering login credentials, or making payments on fraudulent invoices.

Since these attacks target human emotions, legacy defenses no longer work very well. There are simply no telltale signatures of malicious content or payloads to detect. Antiquated whitelists are manual and lack flexibility. Email security training obviously can help, but it can also introduce high volumes of employee-reported spam and false positives, leaving the security operations center (SOC) overburdened to hunt down and remediate legitimate threats.

SOCs Left Scrambling after Advanced Email Attacks

A simple truth for the modern enterprise is that new email threats evolve so quickly, some inevitably slip through or activate post-delivery. And once they’ve evaded initial detection, they move laterally through the organization, impacting other inboxes or infrastructure. Fraudsters exploit cloud-connected file sharing, messaging, and collaboration tools to lure in new victims.

Once this happens, legacy email security controls are largely out of scope for the emerging incident. SOC teams armed with SIEM and SOAR tools descend to analyze, triage, and remediate, but these tools typically provide little ability to remove threats that have spread to other inboxes across the organization. As a result, it can take weeks or even months just to detect an email-based attack, during which time organizations can face costly damage, including direct financial losses, theft of valuable IP, financial liability, and damage to their brand reputation.

In fact, the cost of a successful email-based attack averages $2 million and up. When such an attack results in a data breach, the price tag averages $7.9 million per incident, and it is growing fast.

Rising Account Takeovers Problematic for Legacy Vendors

One of the most dangerous and rapidly growing attack modalities is the account takeover (ATO)-based attack, in which cybercriminals use compromised email accounts of trusted individuals and businesses to defraud internal targets within a company, as well as their partners, customers, and numerous third parties. In fact, based on our own data, this type of attack grew from single digits to nearly 30% of all attacks just in the first quarter of 2019.

Some criminals will use these pirated accounts to request wire transfers or ask HR to change personal details for direct deposits. Others will commit any number of financial crimes against employees, partners, and others connected to the legitimate owner of the account—including family, friends, and companies with which they conduct personal business. According to Forbes, 29% of organizations report their Office 365 email accounts were compromised in just one thirty-day period earlier this year.

It’s true that a few legacy security vendors attempt to address these changing dynamics in limited ways. But they usually involve expensive add-ons that are bolted atop legacy architectures—bloating IT infrastructures along with CAPEX and OPEX accounts. Fortunately, there are a handful of other providers that have taken a different approach.

Looking at the revolution in email artificial intelligence (AI) and machine learning (ML), these providers have come to recognize how these technologies can play a critically important role in augmenting legacy security controls with a predictive form of email security capable of stopping even the most advanced zero-day attacks.

Returning Confidence to the Inbox

Indeed, the idea behind the Secure Email Cloud is not only to stop all advanced attacks, but to predict and stop new and evolving threats you haven’t yet seen, dynamically and with minimal cost and overhead. By providing the ability to use newly-reported indicators of compromise to locate and defeat latent threats hiding in the inbox, the Agari technology picks up where other email security systems leave off. And by providing SOC teams with automated tools to rapidly address threats activated post-delivery, it reduces the time and money it takes to detect and remediate email-borne exploits and breaches.
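The post-delivery capability described above, sweeping already-delivered mail against newly reported indicators and queuing remediation across every affected mailbox, is illustrated here with an added example. This is not Agari's code; the messages, the indicators and the `quarantine` action are constructed for the demonstration.

```python
from urllib.parse import urlparse

# Constructed sample of messages that were already delivered to several mailboxes.
DELIVERED = [
    {"mailbox": "cfo@example.com", "msg_id": "m1", "from": "ceo@EXAMP1E.com",
     "urls": ["https://docs.example.com/q2"], "sha256": []},
    {"mailbox": "hr@example.com", "msg_id": "m2", "from": "vendor@partner.example",
     "urls": ["http://invoice-portal.example.net/pay"], "sha256": ["ab" * 32]},
    {"mailbox": "ap@example.com", "msg_id": "m3", "from": "vendor@partner.example",
     "urls": [], "sha256": ["AB" * 32]},
    {"mailbox": "it@example.com", "msg_id": "m4", "from": "helpdesk@example.com",
     "urls": ["https://intranet.example.com/kb"], "sha256": []},
]

# Newly reported indicators of compromise (constructed), keyed by indicator type.
IOCS = {
    "sender_domain": {"examp1e.com"},
    "url_host": {"invoice-portal.example.net"},
    "sha256": {"ab" * 32},
}


def match_message(msg, iocs):
    """Return the (type, value) indicators that a delivered message matches."""
    hits = []
    sender_domain = msg["from"].rsplit("@", 1)[-1].lower()
    if sender_domain in iocs["sender_domain"]:
        hits.append(("sender_domain", sender_domain))
    for url in msg["urls"]:
        host = (urlparse(url).hostname or "").lower()
        if host in iocs["url_host"]:
            hits.append(("url_host", host))
    for digest in msg["sha256"]:
        if digest.lower() in iocs["sha256"]:
            hits.append(("sha256", digest.lower()))
    return hits


def sweep(delivered, iocs):
    """Retroactive sweep: one remediation action per matching message, across all mailboxes."""
    return [{"mailbox": m["mailbox"], "msg_id": m["msg_id"], "action": "quarantine",
             "reasons": match_message(m, iocs)}
            for m in delivered if match_message(m, iocs)]


def blast_radius(actions):
    """Map each matched indicator value to the set of mailboxes it reached."""
    radius = {}
    for a in actions:
        for _, value in a["reasons"]:
            radius.setdefault(value, set()).add(a["mailbox"])
    return radius
```

The `blast_radius` view is what lets a SOC see that a single reported attachment hash has landed in two different inboxes and remediate both in one pass.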

In this four-part series, we’ll take a closer look at how machine learning and other technologies underpin the Secure Email Cloud to close the security gap in a solution that’s easily integrated into any email infrastructure, whether on-premises, in the cloud, or in hybrid environments. It’s a real-life example of how predictive, applied ML technologies can give organizations the confidence to open, click, and trust everything that hits their inboxes, without fear of fraud or a zero-day event.

To learn more about how Agari applies the power of machine learning-based AI to prevent phishing attacks, BEC scams and more, download an exclusive white paper on the Agari Identity Graph.

This is part one of a four-part series; part two, part three, and part four are available here.
