Blog: Email Security: Use Machine Learning To Filter It Before It’s Too Late.
The cyber warfare between organizations and unknown hackers is still in full swing, with no reconciliation in sight. Email attacks remain the number one option hackers choose to break into enterprise networks. The reason is that email acts as the gateway between end users and cybercriminals: it gives attackers direct access to employees’ machines. So hackers will never hesitate to use email threats to penetrate targeted organizations. On the other side, those organizations will always treat email security as their top priority and deploy the latest security solutions to stay safe and halt hackers.
Until now everything seems to be evenly matched. But where do things go wrong for organizations? Since this is considered a war, IT security defenders should consider the fact that their enemies are using emerging technologies such as Artificial Intelligence and Machine Learning to evade traditional digital security safeguards. They craft clever spear phishing emails that target the most vulnerable part of the system, which is the human. Another thing that puts organizations on the weaker side is that email threats are not only inbound but outbound too, for example misdirected and unauthorized emails.
So let’s explain these email threats and see how machine intelligence can serve organizations as a filter to outsmart those hackers.
Let’s explain what spear phishing is by considering this scenario: you are a hacker (cybercriminal) who works solo or with a group of other cybercriminals. You have already chosen your target, and it ends up being too far from your physical reach. Regardless of the reasons, you are highly motivated to perform a cyber attack. How would you start? After you perform reconnaissance and gather all the available and necessary information about your target, you realize that the only way to hack into their system is to do it remotely. Thus, you need to send phishing emails, well-crafted emails in fact, because your target is already using smart anti-phishing solutions to stop hackers like you.
Spear phishing targets one or two specific employees. The goal is to increase the chance that those employees fall for the deception. It is a highly aimed phishing attack toward specific targets. Just like a spear.
According to the SANS Institute, 95% of successful attacks on enterprises are the result of spear phishing. Spear phishing takes advantage of contributing factors such as a sense of urgency, work stress and lack of concentration to mislead employees into clicking on what’s bad for them.
Spear phishing is still the best weapon cybercriminals use to penetrate a target, for one reason: it works.
This is war. Attacks come from the outside as well as from the inside. Traitors, or so-called insider threats, are real and they do real damage to organizations’ sensitive information. So picture this: an HR employee with high-level permissions has just downloaded some employee records and emailed them to his or her personal email account. He or she is willing to sell the stolen information to a rogue third-party group. This kind of information could be used to craft spear phishing emails or be exposed to the public. The insider could also send other sensitive information, such as intellectual property or trade secrets, to an unauthorized email account.
This can be unintentional or intentional behavior. Regardless of the purpose, it remains among the most dangerous threats that could happen to an organization.
According to the 2018 Cost of Insider Threats: Global Organizations report, the average cost of an insider threat like this one is up to $648,845.
When in war, taking some friendly fire is an ordinary scenario. Under daily work stress and pressure, employees are likely to send misdirected emails with crucial content to the wrong recipient. Although it is not commonly talked about, misaddressed emails are still among the causes of data breaches that devastate organizations. A misspelled recipient name, an accidental click on the “Reply To All” button or misuse of the autocomplete feature can lead to a data breach and thus to a compliance violation. Under some data protection regulations such as GDPR, this leads to huge financial and reputational losses.
You can’t control human stupidity, but you can stop it right before it puts your data at risk. Machine-learning-driven platforms give enterprises the ability to learn, adapt to and predict the sending patterns and behavior of employees’ email communication using stateful algorithms. These ML platforms therefore work as a filtration mechanism against email threats, including the ones above. Based on historical email behavior, machine learning can be used to stop inbound and outbound email threats.
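To make the idea of learning a sending pattern from historical behavior concrete, here is an added example (not from this post or from any vendor's product): a simple per-sender frequency and string-similarity baseline, standing in for a trained model, that flags the misdirected and unauthorized outbound cases described above. All addresses, the personal-domain list and the thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from difflib import SequenceMatcher

# Constructed sample history: (sender, recipient) pairs from past outbound mail.
HISTORY = [
    ("hr@corp.example", "payroll@corp.example"),
    ("hr@corp.example", "payroll@corp.example"),
    ("hr@corp.example", "j.smith@partner.example"),
    ("hr@corp.example", "j.smith@partner.example"),
    ("hr@corp.example", "j.smith@partner.example"),
]
PERSONAL_DOMAINS = {"freemail.example"}  # assumed list of personal-mail domains


class SendingBaseline:
    """Per-sender recipient history used to score new outbound messages."""

    def __init__(self, history):
        self.seen = defaultdict(Counter)
        for sender, rcpt in history:
            self.seen[sender][rcpt.lower()] += 1

    def observe(self, sender, rcpt):
        # Stateful update: mail that was released becomes part of the baseline.
        self.seen[sender][rcpt.lower()] += 1

    def classify(self, sender, rcpt, has_attachment=False):
        rcpt = rcpt.lower()
        known = self.seen[sender]
        if rcpt in known:
            return "ok"
        # Near-duplicate of an established contact: likely typo or autocomplete slip.
        # The count and ratio thresholds are assumed values, to be tuned on real data.
        for contact, count in known.items():
            if count >= 2 and SequenceMatcher(None, rcpt, contact).ratio() >= 0.9:
                return "possible-misdirected"
        # First-time send of an attachment to a personal-mail domain.
        if has_attachment and rcpt.rsplit("@", 1)[-1] in PERSONAL_DOMAINS:
            return "possible-unauthorized"
        return "new-recipient"
```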