IRONSCALES Broadens the Scope of BEC Attack Detection With NLP


The email security company has employed natural language processing to detect and thwart business email compromise and impersonation attacks that rely on deceptive manipulation for information, otherwise known as social engineering.

Calling business email compromise (BEC) “a major headache for companies of all sizes”, IRONSCALES Founder and CEO Eyal Benishti has introduced natural language processing to mitigate the threat it poses. This is a move toward addressing the "what" of an email, where detection previously focused only on the "who". In essence, IRONSCALES has now built its email security around these two important aspects of securing business email.

This will help in detecting and thwarting not only email impersonation attacks but also BEC phishing, the combination of which can prove highly detrimental to the victim.


Some Numbers for Perspective

Talking to Toolbox exclusively, CEO Benishti shared, “Email spoofing and impersonation attacks have become unrelenting and ubiquitous, mimicking businesses big and small and everyone from Fortune 500 CEOs to colleagues down the hall.”

To put it in numbers, the FBI estimated in 2019 that the cost of BEC attacks for businesses is at least $1.77 billion.

BEC was also the #1 source of payment fraud attempts on U.S. organizations in 2019: 75% of organizations were targets of such attacks, of which 38% lost money.

Types of BEC Attacks

The most common types of BEC are:

  • Employee availability checks
  • Requests for unspecified tasks
  • Requests for gift cards
  • Requests to change direct deposit, bank details or request for payment


In such attacks, the attacker can pretend to be a senior executive of an organization and persuade the recipient to purchase specific items, settle payments for fake invoices or schemes, or buy gift cards for fellow employees. These attacks rely on social engineering more than on technical skill: the personalized email content, which carries no links or malware, plays on human feelings and emotions to achieve the attacker's goals.

Because these emails carry no links or malware, traditional systems like email security gateways can prove ineffective. Natural language processing, enabled by neural networks and machine learning, allows messages carrying such linguistic cues to be filtered out.

Benishti further told Toolbox, “IRONSCALES’ latest email security platform update leverages natural language processing, making it easier to detect and respond to these types of phishing attacks, which frequently bypass legacy human and technical controls.”

Impersonation Attacks

Employees generally do not disregard any communication from a VIP or high-level executive in their organization, which is why detecting impersonation attempts is paramount.


Amir Freudinger, IT Manager at Nano Dimension said, “Not a day goes by that our executives aren’t impersonated.”

IRONSCALES has activated automatic impersonation protection for this purpose.

Freudinger further adds, “IRONSCALES continues to improve its ability to protect our employees, while not adding additional work for the security team. Such benefits are uncommon for the email security industry.”

Though such benefits may be uncommon, it is vital that organizations do not overlook the human angle in security and risk management. There is always something more to be done.

What Else Can be Done

Without delving into the efficacy of the new implementation, one of the most important aspects of avoiding email-based attacks is training employees or end users to recognize the patterns associated with them. At the end of the day, human error does account for 22% of incidents.

Education and vigilance, not financial losses, should be the price we pay for cybersecurity.
