Information Security Buzz

Why Prediction, And Not Detection, Is The Key To Reducing Email Risk

By ISBuzz Team | May 3, 2019 | Updated: July 4, 2024 | 5 Mins Read

According to the Global Risk Report by the World Economic Forum, the threat of cyberattacks is now among the top three global fears identified by world economic leaders, along with natural disasters and terrorism. Such concerns are clearly warranted, as research from Juniper suggests that cyber breaches will cost businesses a collective $2 trillion in 2019 alone.

As the threats multiply and grow more complex with increasingly burdensome consequences, many organizations remain in constant search of new tools, technologies and best practices to reduce risk. This is especially true for email security and phishing mitigation, as email remains the primary attack vector, with an estimated 90% of attacks initiating in the inbox. 

For years, most email security has been focused on detection, either by humans via phishing awareness training or by machines that scan messages at the gateway in search of links, attachments and other attributes common among malicious messages. Both approaches have had some success in mitigating email-driven attacks; however, attacker ingenuity has driven the evolution of techniques designed specifically to defeat these controls.

Today, organizations that primarily rely on detection-based email security are putting their company and employees at great risk. While detection tools will continue to reveal some of the most obvious phishing attacks, techniques such as business email compromise and domain spoofing will increasingly slip through the cracks. 

Therefore, it is imperative for organizations to implement a predictive security posture as a means to proactively identify attacks and rapidly respond to threats before any business disruption can occur. 

Limitations of detection-based strategies 

The most common detection-based strategies, including secure email gateways (SEGs) and Domain-based Message Authentication, Reporting and Conformance (DMARC), can identify many known threats, and they should certainly be a part of any security solution.

But we’re no longer living in the days of cookie-cutter attacks where simple filters and rules-based security solutions can cover all risks. Detection-based solutions have many limitations because they rely on information about known threats but are often powerless to identify the unknown. Because such solutions are binary, static and purely content-based, they are prone to missing small attack changes and permutations. In fact, many detection tools cannot adapt to the slightest alteration of code and are blind to context and advanced authentication capabilities.

Access to black market tools, including AI-enabled programs and cloud-based automated PaaS (phishing as a service) solutions, is making it easier than ever for attackers to construct attacks that bypass SEGs and DMARC. But even when detection tools are successful, remediation is often not quick enough. In today’s threat landscape, it takes less than 82 seconds for an attack to lure its first click, according to Aberdeen.

The value of predictive email security 

Predictive technology is the use of machine learning to calculate a future event with confidence, thereby empowering organizations to proactively prepare for trending email phishing attacks. In fact, threat prediction can help businesses use data to prepare for what the next attack will look like and augment that data to make it actionable, so as to proactively prevent similar or trending attacks from infiltrating and repeat attacks from occurring.

The use of predictive technology may be new to email security, yet it is not new to the broader cybersecurity industry. In fact, leading endpoint detection and response (EDR) platforms have utilized machine learning and AI to predict malware for the past several years. 

But for email specifically, predictive technology must be based on real-time decisions made by real human experts on a minute-by-minute basis. For busy security and SOC teams, the capacity to predict future events with a high level of certainty is a potential resource saver, as many in security roles are overworked and overwhelmed with a growing number of investigations into suspicious emails.

As cybercriminals constantly exploit email vulnerabilities and create new attack methods, organizations must process threat data as quickly as possible. Propelled by machine learning, predictive technology can cluster similar instances of an attack across an entire organization. This can save hundreds of hours of work by turning multiple permutations into a single incident, offering the ability to quarantine that incident across the entire organization. Clustering also prevents repeat attacks from being delivered, saving time in identifying other threats and reducing possible damage. 
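As an added illustration of the clustering described above (not code from the article or from any product it alludes to), the sketch below groups reported messages by word-shingle Jaccard similarity and contrasts that with exact hashing, which treats every permutation as a new message. The similarity measure, the 0.5 threshold, and all names and sample messages are assumptions constructed for the example.

```python
import hashlib
import re

# Constructed sample reports: three permutations of one lure plus one unrelated message.
REPORTS = [
    ("alice", "Your invoice 4471 is overdue. Review the payment details at the portal today."),
    ("bob", "Your invoice 9920 is overdue. Review the payment details at the portal now."),
    ("carol", "Hi, your invoice 1038 is overdue. Please review the payment details at the portal today."),
    ("dave", "Team lunch is moved to Thursday at noon in the second floor kitchen."),
]

def shingles(text, k=3):
    """Set of k-word shingles, with digits masked so per-recipient IDs do not matter."""
    masked = re.sub(r"\d+", "<n>", text.lower())
    words = re.findall(r"[a-z<>]+", masked)
    return {" ".join(words[i:i + k]) for i in range(max(1, len(words) - k + 1))}

def jaccard(a, b):
    """Overlap of two shingle sets: 1.0 means identical, 0.0 means nothing shared."""
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(reports, threshold=0.5):
    """Greedy single pass: a message joins the first incident whose seed is similar enough."""
    incidents = []  # each incident keeps the shingles of its first message as the seed
    for mailbox, body in reports:
        s = shingles(body)
        for inc in incidents:
            if jaccard(s, inc["seed"]) >= threshold:
                inc["mailboxes"].append(mailbox)
                break
        else:
            incidents.append({"seed": s, "mailboxes": [mailbox]})
    return [inc["mailboxes"] for inc in incidents]

def exact_hash_groups(reports):
    """Baseline: static signature matching groups only byte-identical bodies."""
    groups = {}
    for mailbox, body in reports:
        digest = hashlib.sha256(body.encode()).hexdigest()
        groups.setdefault(digest, []).append(mailbox)
    return list(groups.values())

if __name__ == "__main__":
    print("similarity incidents:", cluster(REPORTS))
    print("exact-hash groups:   ", exact_hash_groups(REPORTS))
```

Each incident's mailbox list is what a responder would hand to a quarantine action, so one decision covers every affected inbox.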

Predictive technologies can also supplement network-driven data with actual human behavior and insight. Combining the two can enable SOC and security teams to create a historical portrait of how a phishing attack might look and how to alert employees before they fall for the bait. It’s a more forward-looking and proactive approach: detecting anomalies and identifying patterns in real time to show where an organization’s weak points are and where attackers may strike next.

Organizations that only try to detect based on yesterday’s attacks will remain at great risk. In our whack-a-mole security environment, predicting the next attack is the only way to stay ahead of the disruption that comes with any successful email security incident. 

 


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
