Cybersecurity and AI/ML, Before the New Age of AI: Email Security



While the debate on the dangers of AI and ML proliferation continues, it would be unwise to ignore the positives – the tools and technologies driven by AI and ML frameworks that offer effective solutions to many of our present challenges and limitations. This article, Part II of Derek E. Brink’s six-part series on cybersecurity and AI/ML before the new age of AI, focuses on email security and how we can better manage it.

For a handful of seminal moments in high-tech history, the implications of new technologies have been so profound that the first thoughts of their creators had roots in holy scriptures. “What hath God wrought” — which is the first long-distance telegraph message sent by Samuel F. B. Morse — is a passage from the Hebrew Torah. “Now I am become Death, the destroyer of worlds” — which came to the mind of J. Robert Oppenheimer on witnessing the world’s first nuclear explosion from the control bunker of the Manhattan Project — is from the Hindu Bhagavad Gita. (By the way, the excellent biopic Oppenheimer was just released in theaters on July 21, 2023.)

Today, the world-changing technology we’re all talking about is artificial intelligence (AI) and machine learning (ML). As far as I’ve been able to tell, our technical thought leaders have expressed the same types of hopes and concerns as Morse and Oppenheimer — but without any of the underlying spirituality (to be fair, perhaps I’ve simply missed it). 

Bill Gates, co-founder of Microsoft, wrote earlier this month that “the risks of AI are real but manageable.” Sam Altman, CEO of OpenAI, testified before the United States Senate in May, “My worst fears are that we — the field, the technology, the industry — cause significant harm to the world. I think that can happen in a lot of different ways … I think if this technology goes wrong, it can go quite wrong, and we want to be vocal about that. We want to work with the government to prevent that from happening.” 

Building Protective Defense Across the Phishing Lifecycle

The indisputable successes of Gates, Altman, et al. notwithstanding, my personal point of view is that these matters are far too important to leave solely to technologists and governments to figure out. As John Adams said, a free society is built on a foundation of morality and virtue.

In the meantime, let’s carry on with our simpler theme from last week, which was that for several years now, leading cybersecurity solution providers have already been leveraging AI/ML technologies. As another illustrative example, Aberdeen wrote back in September 2018 about How to Conquer Phishing? Beat the Clock, which described how:

  • The risk of phishing attacks can and should be quantified to help senior leaders make a better-informed business decision regarding what to do about it.
  • In multiple dimensions, reducing the risk of phishing attacks is a race against time. Defenders must protect and respond more quickly than the attacker’s timeline — as well as faster than their own users are to open phishing emails and click on malicious links.
  • In a simplified model of the phishing attack lifecycle, defenders essentially have four options for beating the clock:

1. Pre-delivery protection. From the attacker’s initial launch of a malicious email campaign (time = 0), can defenders successfully apply monitoring and filtering technologies to prevent those emails from being delivered? Leading solution providers are applying advanced automation, AI, and ML technologies to identify, verify, and remediate malicious emails before they ever hit the organization’s inboxes. Effectiveness at prevention will never reach 100%, but it can be expected to increase over time.

2. Post-delivery protection. For malicious emails that are successfully delivered, can defenders successfully engage their business users to reduce the likelihood of those emails being opened and clicked? Security awareness training initiatives can increase user awareness of malicious emails, reduce user click rates, delay user time-to-click, and increase user reporting of potentially malicious emails for review and remediation by technical staff.

3. Post-delivery incident response. For malicious emails that are successfully delivered, can defenders successfully leverage their in-house technical staff to identify, verify, and remediate those emails before they result in financially material business impact? Human review and verification by generalists (i.e., IT staff) on an ad hoc, best-effort basis is slow and inconsistent, and remediation (e.g., blocking specific senders, instructing users “don’t click” and “please delete”) is limited and uncertain in effectiveness. Human review and verification by a specialized, dedicated staff (i.e., an in-house Security Operations Center) can be faster and more consistent, but it requires an investment in 24/7 capabilities. Without automation, both generalists and specialists can quickly be overwhelmed by the sheer volume of malicious emails.

4. Post-delivery protection and incident response, in combination with pre-delivery protection. Specialist solution providers are now integrating automated real-time checks for malicious email at the individual inbox level, based on the latest threat intelligence, behavioral analytics, sender reputation, and other metadata. Automated identification and verification are complemented by the solution provider’s focused, dedicated technical staff, who review and verify malicious emails when necessary. Automated removal of malicious emails from all affected inboxes provides remediation that is much faster and more certain than primarily manual approaches.

  • Aberdeen’s analysis of empirical data from more than 1,400 simulated phishing attacks helps to visualize and quantify the value of speed for defender protection from and response to malicious emails:
    • The likelihood of the first user clicking on malicious emails occurring within 30 seconds was about 8%; the likelihood of the first user clicking on malicious emails occurring within 60 seconds was about 30%; the median time-to-first-click on malicious emails was just 134 seconds.
  • Post-delivery incident response by generalist IT staff is the least effective approach, reducing the risk from phishing attacks by less than 5%.
  • In sharp contrast — automated, technology-based pre-delivery protection and post-delivery protection and incident response from specialist service providers is by far the fastest and most effective approach. The risk from phishing attacks is reduced by more than 70%, with ongoing upside from continued improvements in technology-based automation, AI, and ML.

Automation, and AI / ML Technologies Provide Pre-Delivery Protection and Post-Delivery Protection and Incident Response, Significantly Reducing the Risk of Phishing Attacks

Source: Empirical data adapted from IRONSCALES (N = 1,407 simulated phishing campaigns; N = 51,558 fully remediated email attacks); Aberdeen, September 2018
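To make the fourth option concrete, here is an added example (not IRONSCALES’ or Aberdeen’s code, and not part of the original article) of the inbox-level “search and remediate” step: given one message a user reports, fingerprint every delivered message on strong campaign indicators (sender address, URL hosts, attachment hashes, normalized subject), find every copy across all inboxes, and pull them all at once. It also interpolates the time-to-first-click quantiles quoted above (8% by 30 s, 30% by 60 s, median 134 s) to estimate how many campaigns a remediation of a given duration arrives too late for. The inboxes, messages, and the linear interpolation between quantiles are my own constructions and assumptions; the article gives no quantile beyond the median, so the function refuses to extrapolate past it.

```python
"""Added example: automated post-delivery remediation across inboxes.
The messages below are constructed for illustration; the campaign-matching
rules and the interpolation of the quoted click quantiles are assumptions."""
import hashlib
import re
from email import message_from_string
from email.policy import default as EMAIL_POLICY
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed campaign: same sender and landing host, but the subject casing
# and the per-recipient URL parameter vary, so naive exact matching would miss copies.
_CAMPAIGN = """From: "IT Helpdesk" <helpdesk@corp-login-reset.example>
To: {user}@example.com
Subject: {subject}
Message-ID: <{mid}@corp-login-reset.example>
Content-Type: text/plain

Your password expires today. Reset at https://corp-login-reset.example/sso?u={user}
"""
_BENIGN = """From: "Alice" <alice@example.com>
To: {user}@example.com
Subject: Lunch
Message-ID: <{mid}@example.com>
Content-Type: text/plain

See https://www.example.com/menu for today's menu.
"""


def sample_inboxes():
    """Fresh copy of the constructed inboxes: user -> list of raw RFC 5322 messages."""
    return {
        "bob": [_CAMPAIGN.format(user="bob", subject="Action required: password reset", mid="c1"),
                _BENIGN.format(user="bob", mid="b1")],
        "carol": [_CAMPAIGN.format(user="carol", subject="ACTION REQUIRED - Password Reset", mid="c2")],
        "dave": [_BENIGN.format(user="dave", mid="b2")],
    }


def fingerprint(raw: str) -> dict:
    """Extract the indicators a campaign tends to share across its copies."""
    msg = message_from_string(raw, policy=EMAIL_POLICY)
    _, sender = parseaddr(str(msg.get("From", "")))
    bodies, attachments = [], set()
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        if part.get_filename():  # hash attachments so renamed payloads still match
            attachments.add(hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest())
        elif part.get_content_type() == "text/plain":
            bodies.append(part.get_content())
    hosts = {urlparse(u).hostname for u in URL_RE.findall("\n".join(bodies))}
    subject = re.sub(r"[^a-z0-9]+", " ", str(msg.get("Subject", "")).lower()).strip()
    return {"message_id": str(msg.get("Message-ID", "")), "sender": sender.lower(),
            "url_hosts": {h for h in hosts if h}, "attachments": attachments, "subject": subject}


def same_campaign(a: dict, b: dict) -> bool:
    """Strong indicators (shared attachment or landing host) match on their own;
    sender address only counts together with the normalized subject."""
    if a["attachments"] & b["attachments"] or a["url_hosts"] & b["url_hosts"]:
        return True
    return a["sender"] == b["sender"] and a["subject"] == b["subject"]


def find_campaign(inboxes: dict, reported_raw: str) -> list:
    """All (user, message_id) pairs across inboxes that belong to the reported campaign."""
    ref = fingerprint(reported_raw)
    return [(user, fp["message_id"])
            for user, raws in inboxes.items()
            for fp in map(fingerprint, raws) if same_campaign(ref, fp)]


def remediate(inboxes: dict, reported_raw: str) -> list:
    """Remove every copy of the reported campaign from every inbox; returns what was removed."""
    hits = set(find_campaign(inboxes, reported_raw))
    removed = []
    for user, raws in inboxes.items():
        keep = []
        for raw in raws:
            key = (user, fingerprint(raw)["message_id"])
            (removed if key in hits else keep).append(key if key in hits else raw)
        inboxes[user] = keep
    return sorted(removed)


# Time-to-first-click quantiles quoted in the article (IRONSCALES data via Aberdeen):
# 8% by 30 s, 30% by 60 s, 50% by 134 s. Linear interpolation between them is an assumption.
FIRST_CLICK_CDF = [(0, 0.0), (30, 0.08), (60, 0.30), (134, 0.50)]


def share_clicked_before(seconds: float):
    """Fraction of campaigns whose first click lands before a remediation taking `seconds`.
    Returns None beyond the median, since the article gives no later quantile."""
    if seconds < 0 or seconds > FIRST_CLICK_CDF[-1][0]:
        return None
    for (t0, p0), (t1, p1) in zip(FIRST_CLICK_CDF, FIRST_CLICK_CDF[1:]):
        if seconds <= t1:
            return p0 + (p1 - p0) * (seconds - t0) / (t1 - t0)


if __name__ == "__main__":
    boxes = sample_inboxes()
    print("campaign copies:", find_campaign(boxes, boxes["bob"][0]))
    print("removed:", remediate(boxes, boxes["bob"][0]))
    for t in (30, 45, 134, 600):
        print(f"remediation in {t:>3}s -> first click already happened in {share_clicked_before(t)}")
```

The matching rule is deliberately asymmetric: a shared landing host or attachment hash is enough on its own, while the sender address alone is not (a spoofed or compromised internal sender would otherwise sweep up legitimate mail), so it has to agree with the normalized subject as well. In a real deployment the same fingerprint would be checked against threat intelligence and sender reputation at delivery time, which is the pre-delivery half of option 4; the value of the post-delivery half is that one report, or one automated verdict, clears every inbox in seconds rather than after a ticket queue.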

Just last week, Aberdeen launched a new research study on AI in the Enterprise: The State of AI in 2023, which looks at AI use cases in several business areas, including cybersecurity, IT infrastructure, sales & marketing, financial management & ERP, manufacturing & engineering, and retail. There’s still time for you to participate by responding to our survey here. We’d welcome your input!

How are you upgrading your organization’s email security with AI/ML? Share with us on Facebook, Twitter, and LinkedIn. We’d love to hear from you!