A growing number of attacks on businesses and their customers are evading email security systems. Can automation really make the difference?
If you’re reading this blog post, chances are your current email security controls are leaving something to be desired. With the sheer volume of email rising fast and cybercriminals continuing to prioritize email over all other threat vectors combined, is automating your email protection the only way to intelligently combat the attackers?
At Agari, we believe the answer is “yes.” According to reports, business email compromise (BEC), customer phishing and other forms of advanced email attacks targeting businesses have spiked 80% in just the last three months. And it’s paying off big for perpetrators.
By some industry estimates, 92% of businesses have been hit by fraudulent emails during the last 12 months, with up to 23% suffering direct financial damage as a result. In the US alone, losses from email attacks could top $670 million this year.
Adding insult to injury: Nine out of 10 businesses have experienced domain name fraud or unauthenticated email traffic over the last six months, including phishing attacks that hijack their brand name in order to target customers. Last year, consumers lost $172 billion through such schemes, damaging the impersonated brands’ reputation.
With attack volumes and success rates rising fast, businesses can find themselves overwhelmed—fast.
Some of these attacks involve malware or viruses hidden within attachments. Others have links pointing to phishing sites. Then there are the more sophisticated, socially engineered BEC scams, which are proving the most difficult to detect.
These expertly crafted, exquisitely targeted messages are designed to start a conversation with employees and eventually fool them into coughing up login credentials or authorizing a wire transfer under the mistaken belief that they’re responding to a trusted colleague or vendor.
Today, 60% of BEC attacks rely solely on simple text and sophisticated forms of domain spoofing, making it virtually impossible for most email security systems to detect them.
Meanwhile, the endless game of whack-a-mole involved with finding and shutting down brand impersonators using an organization’s actual or lookalike domains for phishing scams can be frustratingly ineffective.
Faced with non-stop attacks both inbound and out, security and incident response teams can be left scrambling to keep up. That’s usually where the question of automation comes in. Can it really help? Absolutely—if it’s done right.
Autopilot, or Crash and Burn?
Today, there’s a growing shift to email security automation solutions that allow companies to assess both incoming and outbound attacks and respond to them immediately, without human intervention—usually for the most common, labor-intensive forms of attacks. The idea: Free up security analysts to focus on the most complex threats.
But given today’s rapidly evolving threat environment, most traditional forms of automation will only go so far. After all, secure email gateways (SEGs), Advanced Threat Prevention and other email security control points are among the most widely used automation tools for threat detection, yet up to 60% of advanced email attacks are flying under the radar. It’s even worse for the vast majority of outbound attacks that hijack a company’s email domain to send out phishing messages. As volumes grow, organizations can still find themselves outgunned.
Instead of relying on technologies geared to sniffing out bad behavior and malicious content, it stands to reason that some organizations will be drawn to automated solutions that are built on an entirely different approach to threat detection and disruption.
For organizations dealing with spear-phishing or brand abuse, the best options will be those that integrate advanced machine learning and artificial intelligence to map communications between individuals, detect behavioral anomalies, and understand the relationships between sender and recipient in order to detect even the most advanced deception techniques, both inbound and out.
The Rise of Next-Gen Automation
Still, even with solutions that are able to take on the most advanced email attack modalities, challenges remain.
The task of onboarding large numbers of suppliers in order to protect against invoice fraud, or commandeering any number of domains controlled both internally and by external partners who send email on your behalf, can be enormous. Continuously maintaining it all against every new form of attack? Monumental.
As a result, many organizations may find that providers that are able to fully integrate any subset of these functions, or all of them, may be their best choice. Using Agari as an example, our Agari Enterprise Protect and Customer Protect solutions leverage AI-based modeling and real-time threat intelligence to help thousands of the world’s largest category-leading brands protect against inbound and outbound threats.
With our Fall ’18 release, we now offer the only fully automated platform for advanced email threat protection available. We’re talking automated protection against domain spoofing and account takeover (ATO), partner and vendor impersonation, credential harvesting, zero-day malware, and more.
In terms of brand protection, this new release offers fully-hosted email authentication (DMARC, SPF and DKIM) to dramatically simplify the otherwise tedious and time-consuming process involved with preventing brand impersonations, including lookalike domain spoofing—freeing up staff for other urgent matters. To round it all out, new message search and orchestration workflow support help reduce the time and effort to manage and triage security incidents related to email.
The ‘Race’ is On
Will more organizations opt for automated email threat protection? Or will they seek to somehow staff up existing, overworked security teams to handle the growing onslaught of attacks?
Whatever the case, they may want to step on it. With advanced email threats now growing at 136% per year or more, this is one arms race none of us can afford to lose.