Emerging Technology In The Fight Against Business Email Compromise
In the third and final in the series of blogs on the topic of Business Email Compromise, we look at emerging technologies that are successfully mitigating this attack vector. (See our first post here and second post here.)
Before the recent rise in Business Email Compromise (BEC) attacks, very little research had been done into how to combat them. More understanding was needed of the nature of these attacks to create the necessary security controls to protect organisations. Thankfully, a few little-known emerging players have been heavily researching this space and are now emerging as leaders. (See our previous blog post “Understanding Business Email Compromise Attacks” here.)
Due to the physiological nature of BEC attacks the first line of defence is to work on rules, policies and training. This is, without doubt, a good start, and needed support, but it isn’t enough to protect against advanced threats. Businesses need to delve deeper into their infrastructure, policies and end-user activities. They need to try to maximise the trustworthiness of email services, minimise threats at email gateways and enforce secure email behaviour amongst employees. Even bearing all this in mind, organisations often won’t have the resource to keep up with the evolving nature of BEC attacks.
At the centre of all BEC attacks is impersonation and therefore a solution to the problem must go further than policies or algorithms that attempt to identify regular patterns of fraudulent emails. Emerging technologies that focus more on Identity and Trust are winning the battle of the day to keep our inboxes clean from these advanced attack types.
To combat the advanced socially engineered attacks, organisations need to gain a full view of their email security operations. Fortunately, there is some emerging technology which is beginning to help fight against this new type of security threat. The Agari Email Trust Platform is one example and combines an array of innovative tactics not previously seen in email gateway technologies, such as:
- Domain Authentication– the baseline for preventing impersonation of the domains you own is domain-based message authentication, reporting and conformance (DMARC). This identifies authentic any third parties, vendors or cybercriminals using your domain to send email. It ensures that the visible ‘from’ address domain matches the hidden mail ‘from’ address domain. You can then instruct email receivers (other companies, or mailbox providers) what to do with emails that don’t pass DMARC, such as reject. Read more about DMARC in our blog post here.
- Dynamic classification – advanced artificial intelligence and machine learning systems are able to model senders and recipients identity characteristics, behavioural norms and relationships at both personal and industry levels. This learning allows the technology to create a real-time understanding of email behavioural patterns and to label the threat-level of an email accordingly.
- Virtual SPF and Sender Profiling – Agari made its name authenticating email traffic for the worlds largest brands over the past 6 years, now handling insights from over 1 trillion messages per year! This has given Agari a unique insight into the sending IP’s for email domains the world over, so that when an email is sent from an IP that is out of the norm for a given domain, this inherently raises the flag.
The above delivers unprecedented detection of an array of different attack types, from compromised account takeovers, display name spoof, full domain spoof, lookalike domain spoof and brand spoofing. Agari Email Trust Platform plugs the gap left by the Secure Email Gateway providers.
Recommendations For Tackling The Threat of BEC
Organisations will need to invest in emerging technology that can make email infrastructure more policy-focused, more dynamic in the way it interacts with end users, and more effective in educating users and changing behaviour. Due to the evolving nature of BEC attacks and the various threat pathways, the technology solution needs to be a mixture of email scanning, sandboxing, URL scanning, authentication, dynamic classification and sender profiling. On top of this, email defences should use up-to-date threat intelligence sources to allow them to adapt in real time to current threats. This includes blacklisting IP addresses and preventing user access to URLs of malicious domains. Needless to say, any solutions that are implemented need to integrate with existing technology and policies to be effective.
To find out more about how InfoTrust can help protect your organisation against targeted inbound attacks visit our Secure Email Ecosystem page here or contact us on info@infotrust.com.au.
see our
Related resources
Mimecast recently released its State of Email Security Report for 2021. The fifth edition of its annual report used interviews with over twelve hundred of information technology and cybersecurity professionals across the globe to gather vital cybersecurity insights. The report offers an insight into the latest email threats along with advice on how to build cyber resilience and mitigate the risks of email-borne attacks.
Cyber attacks and data breaches have been commonplace in the news headlines for some time now. Although a warning from the media is certainly helpful, there is so much more that can be done when it comes to threat intelligence sharing. Threat intelligence sharing is an important part of the global cybersecurity community effort to tackle cybercrime and should form a part of every organisation’s cybersecurity strategy. Sharing cyber threat intelligence enables organisations to make informed decisions about their cybersecurity, building more effective and robust cyber defences.
One of my favourite annual reports to read is the Verizon Data Breach Investigations Report. It’s packed full of insights about the threat landscape and security leaders, in my opinion, should read this report to get a pulse on what’s happening in cyber-scape.
After all, as cyber leaders, we are here to stop breaches – so the insights gained from real cyber incidents and breaches is gold in learning how to tighten up our defences.
All businesses, large and small, are under increasing pressure to demonstrate that they are managing the risk of cyberattacks. This means having the right processes and controls in place to identify risks and vulnerabilities, protect information, as well as detect, respond, and recover in the event of cybersecurity incidents. As such, many businesses are turning to certification authorities and security frameworks to demonstrate privacy and security best practice and achieve compliance with regulatory bodies. System and Organisation Controls (SOC 2) is one such compliance framework that can help organisations to create a structured approach to cybersecurity.
Frost & Sullivan has recently released its 2021 Frost Radar: Email Security report, where its findings provide a benchmarking framework to help businesses protect their email from cyber threats.
As we operate in an increasingly digital world, every business collect, store, and share more and more data. And, amongst that data is personal information. With the OAIC marking this year’s Privacy Awareness Week (PAW) from Monday 3 May to Sunday 9 May 2021, it’s time for us all to review how we protect our customers’ personal information.
We're Here To Help