For the last 25 years, I have been immersed in Internet security, from the mathematics of security to the psychology of it. I have pushed the envelope on cryptographic methods, user education, malware detection, improved user interfaces, and fraud detection, and have spent considerable time building models to predict the development of online crime, based on technical and psychological vulnerabilities. In addition, I have learned to identify and focus on the principal weaknesses in a system – and firmly believe that this is related to something as commonplace as email.
Email Related Crime is Exploding
Online crime is going through an upheaval. Only a few years ago, the typical online crime involved scammers email blanket bombing anybody they could reach, offering recipients discounted Cialis and posing as Libyan widows (although normally not in the same email). While such abuse is still taking place, this type of crime has shifted sharply to targeted attacks, whether involving malware used for extortion or using social engineering to extract money or proprietary data. The move to targeting, fueled by breaches and a dearth of public information, increases yields by making the messaging more credible and by circumventing traditional security technologies. The poster child of targeted email attacks is business email compromise (BEC), which the FBI reports has increased 1300% since 2015. Email is an indispensable tool for enterprises and individuals … and for criminals.
Nobody Measures the Indirect Losses
It is difficult to correctly assess the direct losses due to online crime since many of these crimes go unreported. It is even harder to assess indirect losses: an organization can attempt to measure the lost productivity resulting from employees erasing unwanted emails, but it is almost impossible to determine the cost of lost trust. While hard to measure, though, it is safe to say that the indirect losses are likely to balloon at a pace similar to that of the direct losses, and that when an inflection point of the latter is reached, the indirect losses will spiral out of control.
Why Agari Matters
Everybody understands “location, location, location” in the context of real estate. The same principle holds for Internet security. And this is where Agari affects most of us, every day. The Agari Email Trust Platform has visibility into 10 billion email messages every day, and protects 70% of global inboxes. The platform is trusted by leading Fortune 1000 companies to protect their enterprise, partners and customers from advanced email attacks. These companies include six of the top 10 banks, five of the world’s leading social media networks and a wide range of government institutions. With Internet crime on the rise, Agari is at the heart of fighting back.
This is why I am excited about joining Agari as Chief Scientist. It is my job to identify new trends of crime, help design new detection tools and push back on the tide of abuse. It is a humbling task, and I am under no illusions of the existence of a silver bullet — but Agari is the right place to maximize the impact of the effort.
The Agari Email Trust Platform combines a unique, identity-based approach to email security with the world’s largest footprint of email traffic, to provide unequalled visibility into global email traffic. With the Agari Trust Analytics engine, the platform is able to identify and isolate cyberattacks by building behavioral ‘trust models’ based on the identity of the attacker. These models enable organizations stop email attacks that spoof any trusted domain, including their own, to ensure that their employees, partners and customers only interact with trustworthy email messages.
Thanks very much to Ravi, Pat and the entire team at Agari for inviting me to be part of this exciting company. You can read the full news release here.