Why Artificial Intelligence is Key to Improving Phishing Defenses

As attackers constantly evolve their tactics to side-step more traditional defenses, artificial intelligence and machine learning technologies are stepping in to help organizations improve defenses. Technologies like MessageControl offer a critical extra layer of protection, especially when fully integrated into a multi-tenant platform to help inform cross-product detection.

A Capgemini Research Institute study found that 69% of senior executive respondents said they would be unable to respond to a cyberattack without artificial intelligence. The same study found two-thirds of organizations plan to employ artificial intelligence by 2020, demonstrating the mandate security leaders face in implementing this technology in a focused and valuable way: at their email perimeters and inside their organizations.

By constantly ‘learning’ an organization’s environment and user behaviors to get smarter over time, a baseline of normal is created, with deviations from that highlighting potential threats. For example, social engineering attacks are extremely difficult to detect and employees are often considered the last line of defense. They need help.

Recently, a social engineering attack enabled hackers to penetrate Twitter’s administrative systems, hijacking high-profile accounts and demonstrating the need for appropriate internal security controls.

Phishing Attacks Continue to increase in 2020

Phishing attacks continue to rise for one simple reason – they work. And relying on human instinct to detect and avoid as the only method of preventing them clearly does not.

In the latest State of Email Security report, 58% of respondents saw an increase in phishing and 60% experienced impersonation fraud in the last 12 months. Impersonation attacks increased 30% overall in the first 100 days of coronavirus alone.

Clearly current tactics can be improved. More organizations are using security awareness training to supplement technology defenses and educate their users, but many aren’t following best practices to implement an ongoing program of regular training; only 1 in 5 train employees monthly and 17% offer training only once per year, according to the report.

There’s no question that security awareness is essential, and employees need to play an active role in security. But what if the systems you use to protect them could get smarter as well?

Enhancing Protection with Machine Learning and Identity Graph Technology

As attackers get better at perpetrating impersonation and phishing attacks, security teams can improve organizational defenses, too, by using machine learning-backed identity graphs that can constantly learn their environments and user behaviors to get smarter over time. Security professionals can create a baseline of normal, with deviations highlighting potential threats.

Building a library of known and unknown patterns for an individual user creates an identity graph. To help protect the user from inbound attacks, security controls use the graph to make real-time decisions based on billions of data points. Using this artificial intelligence to insert contextual, real-time warnings in email, for example, helps to make employees more security aware and better equipped to make choices that thwart spear-phishing and impersonation attacks.

Generic warnings like “this email comes from an external source” can so easily get overlooked whereas a warning that gives specific and actionable information about the actual threat is far more likely to get noticed and spark a better outcome.

We’ve all been there. You’ve hit that send button only to realize you’ve emailed customer details or other sensitive or confidential information to the wrong person. The same graph intelligence can also help to reduce the risk of this mistake. It warns employees that they may have misaddressed their email and allows them to correct the error before sending. These potential breaches are common and can have severe compliance, security and business implications.

Supporting a Pervasive Security Strategy

When integrated into a broader cyber resilience platform like Mimecast’s, intelligence gathered by the identity graph can be used to update other parts of the security stack and wider security ecosystem. For example, while artificial intelligence applied to cybersecurity is much hyped, its value comes through at the email gateway. Security professionals can use this user-generated intelligence to remediate latent threats and help to power employee risk scoring. These capabilities complement each other and can also be applied to inform more effective security awareness training for employees.

Arguably one cannot be optimally effective without the other; organizations should invest in frequent and consistent user education and implement standard operating procedures for sensitive data transactions commonly targeted by impersonation attacks.

Powered by the Cloud for Faster Time to Remediation

Attack vectors are constantly changing to adapt to security protections; security professionals tasked with protecting their organizations must be able to rapidly implement the right defenses. Adding a stronger layer of phishing and identity attack protection to productivity apps like Microsoft 365® without needing to change MX records or deploy client plugins on individual devices makes this less complex and more cost effective to achieve. To avoid further fragmentation and cluttering of customer security environments, Mimecast is integrating this layer into its wider security stack rather than being a siloed or autonomous point solution.

When integrated, each layer informs the next and data is correlated across them all, allowing for threats to be detected faster and reducing the mean time to remediation (MTTR). A solution built for the cloud and delivered natively from the cloud is imperative to building a smarter security system, and a more resilient organization.

Mimecast’s acquisition of MessageControl brings significant enhancements to the protection our customers can achieve. It strengthens our Email Security 3.0 strategy to improve cybersecurity at the email perimeter, inside the organization, and beyond the perimeter. Learn more about the new layered defense capabilities this acquisition brings to Mimecast customers.