Previously, we examined the rising threat posed by BEC (Business Email Compromise) and why conventional email security tools are ineffective at preventing such attacks, along with some of the organisational steps that can be taken as the first line of defence.
Staff email security awareness training should be carried out as a matter of course. It is a vital cyber defence mechanism, particularly where social engineering attacks such as phishing are concerned. However, as ever in the cyber security domain, organisational measures are rarely enough, given the sophistication of today’s cybercrime community.
Why do traditional SEG (secure email gateway) tools offer insufficient protection?
Traditional email security defence tools – such as spam filters, anti-virus and phishing protection – prevent some malicious mail from landing in email inboxes. The application of outbound mail controls (including encryption) can help ensure sensitive data stays within your organisation. However, such tools have their limitations:
“Signature-less” threats cannot be countered
Traditional email filtering tools analyse inbound mail by comparing URLs and attachments against a library of known threats. The vulnerability inherent in this approach is the small window of opportunity available to the hacker before their signature is added to this threat library. Cybercriminals are becoming more adept at exploiting these opportunities, launching what are known as “zero-day” attacks with increasing frequency. It is estimated that around 4 in 5 successful breaches occur this way.
Business Email Compromise attacks usually go unchallenged
The email spoofing involved in sophisticated BEC attacks is often so realistic that it evades the signature-based security profiling performed by traditional SEG tools. Once such attacks slip through the net of the technical apparatus, employees are likely to comply, believing that they are receiving instructions from individuals high in your organisation’s chain of command.
Internal threats go unchecked
Email gateway protections positioned between a corporate email server and the web do not intercept internal email communications. This could result in a compromised email account sending malicious mail throughout an organisation completely unchecked.
Hackers know how to evade the system
Email filtering strategies are visible to hackers via the MX record, allowing them to develop techniques to bypass or slip through email gateways undetected. A simple Google search can often find details of how to launch successful malware attacks.
The Solution
AI-powered email security that’s 10 times as effective as traditional email protection.
Business email compromise attacks cost businesses $120k on average, and with email-based cybercrime increasing in both prolificity and sophistication as a whole, today’s threat landscape requires more advanced email protection tools.
Abnormal Security’s inbound email security offering uses artificial intelligence to compare expected user behavioural patterns and language with those of inbound mail in order to root out suspicious activity. Through integrations with Microsoft 365 and Google Workspace, the platform draws upon communication data to create detailed behavioural and linguistic profiles of your employees, as well as individuals they interact with outside of your organisation such as clients, vendors and partners.
Upon detecting a suspicious email, Abnormal diverts it to a concealed folder, thus eliminating the possibility of end-user interaction.
How does it work to thwart Business Email Compromise attacks?
BEC attacks demonstrate the revolutionary power of AI in email security, with traditional firewall-style, rules-based protections often failing to keep such attackers at bay.
Abnormal can detect language that is consistent with phishing attempts
Abnormal understands the tone, structure and conversational patterns phishing attacks often adhere to. For example, a conversation might start with a seemingly innocuous question such as ‘are you busy at the moment?’. While most end users would be unfazed by such a question, Abnormal understands that phishing attempts are often initiated in such a fashion, before more probing questions or instructions are presented.
Similarly, the platform automatically detects overly emotive language, particularly words and phrases signalling urgency. Such language is a common hallmark of a social engineering attack. Criminals are often keen to apply pressure, prompting their victims to make hurried decisions without performing the necessary authentication procedures.
Abnormal automatically verifies email headers
Attackers often launch phishing attacks using email domain spoofing. This involves registering slightly altered versions of an organisation’s email domain that appear legitimate at first glance to all but the most forensic end users. A dash may be replaced by an underscore, or an ‘I’ may be replaced by the number ‘1’. Abnormal scans for such irregularities and ensures fraudulent emails of this nature never reach their intended target.
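The lookalike-domain check described above, as an added Python example for defenders. It is not Abnormal's code or method; the trusted domain, the confusable-character table, the distance threshold and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's real sending domain (hypothetical value).
TRUSTED_DOMAINS = {"acme-industrial.com"}

# The swaps named in the text (underscore for dash, '1' for 'I') plus '0' for 'o'.
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o", "_": "-"})

# Constructed sample messages, not real traffic.
SAMPLES = {
    "genuine": "From: CFO <cfo@acme-industrial.com>\nSubject: Q3\n\nHi",
    "underscore": "From: CFO <cfo@acme_industrial.com>\nSubject: Urgent\n\nHi",
    "digit": "From: CFO <cfo@acme-1ndustrial.com>\nSubject: Urgent\n\nHi",
    "vendor": "From: Billing <ar@example.org>\nSubject: Invoice\n\nHi",
}


def skeleton(domain: str) -> str:
    """Collapse visually confusable characters so lookalikes compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(raw_message: str, max_distance: int = 1) -> tuple[str, str]:
    """Return (verdict, sender_domain) for the From header of a raw message."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if not domain:
        return "unparseable", domain
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    for trusted in TRUSTED_DOMAINS:
        # Not the real domain, yet it looks the same or is one typo away from it.
        near = edit_distance(domain, trusted) <= max_distance
        if near or skeleton(domain) == skeleton(trusted):
            return "lookalike", domain
    return "unrelated", domain
```

A "lookalike" verdict is a signal to quarantine or escalate rather than proof of fraud, since the From header alone says nothing about whether the message passed SPF, DKIM or DMARC.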
Abnormal compares emails with your communication norms
Using machine learning, Abnormal leverages data from legitimate conversations to develop a detailed understanding of an organisation’s communications landscape. Data pertaining to shared content types, the tone used, the time emails are most often sent and much more can be used to detect and intercept strange behaviour.
As well as business email compromise, Abnormal’s inbound email protection capabilities offer advanced AI-powered defence against a wide variety of email-based threats, from credential phishing and invoice fraud to supply chain compromise and malware. Going well beyond the scope of legacy email gateway controls, Abnormal’s dynamic, intelligence-driven, and tailored approach to email security provides the ultimate line of defence in an increasingly hostile cyberspace realm.