In the third and final in the series of blogs on the topic of Business Email Compromise, we look at emerging technologies that are successfully mitigating this attack vector. (See our first post here and second post here.)
Before the recent rise in Business Email Compromise (BEC) attacks, very little research had been done into how to combat them. A better understanding of the nature of these attacks was needed to create the necessary security controls to protect organisations. Thankfully, a few little-known players have been heavily researching this space and are now emerging as leaders. (See our previous blog post “Understanding Business Email Compromise Attacks” here.)
Due to the psychological nature of BEC attacks, the first line of defence is to work on rules, policies and training. This is, without doubt, a good start and a needed support, but it isn’t enough to protect against advanced threats. Businesses need to delve deeper into their infrastructure, policies and end-user activities. They need to try to maximise the trustworthiness of email services, minimise threats at email gateways and enforce secure email behaviour amongst employees. Even bearing all this in mind, organisations often won’t have the resources to keep up with the evolving nature of BEC attacks.
At the centre of all BEC attacks is impersonation, and therefore a solution to the problem must go further than policies or algorithms that attempt to identify regular patterns of fraudulent emails. Emerging technologies that focus more on identity and trust are winning the battle to keep our inboxes clean of these advanced attack types.
To combat the advanced socially engineered attacks, organisations need to gain a full view of their email security operations. Fortunately, there is some emerging technology which is beginning to help fight against this new type of security threat. The Agari Email Trust Platform is one example and combines an array of innovative tactics not previously seen in email gateway technologies, such as:
The above delivers unprecedented detection of an array of different attack types, including compromised account takeovers, display name spoofing, full domain spoofing, lookalike domain spoofing and brand spoofing. The Agari Email Trust Platform plugs the gap left by the Secure Email Gateway providers.
Organisations will need to invest in emerging technology that can make email infrastructure more policy-focused, more dynamic in the way it interacts with end users, and more effective in educating users and changing behaviour. Due to the evolving nature of BEC attacks and the various threat pathways, the technology solution needs to be a mixture of email scanning, sandboxing, URL scanning, authentication, dynamic classification and sender profiling. On top of this, email defences should use up-to-date threat intelligence sources to allow them to adapt in real time to current threats. This includes blacklisting IP addresses and preventing user access to URLs of malicious domains. Needless to say, any solutions that are implemented need to integrate with existing technology and policies to be effective.
To find out more about how Infotrust can help protect your organisation against targeted inbound attacks visit our Secure Email Ecosystem page here or contact us on info@infotrust.com.au.