Conor Hynes On Integrated Cloud Email Security: The Modern Solution To Phishing
Conor Hynes, Director of Product Management & Data Strategy at TitanHQ, discusses why phishing attacks are so effective at evading end users and legacy email security technologies, and how integrated cloud email security (ICES) solutions are better equipped to identify and remediate phishing attacks.
In a phishing attack, the adversary contacts their target, usually via email, whilst impersonating a trusted sender. Behind this disguise, they try to manipulate their target into downloading malware or sharing sensitive information with them, such as login credentials or credit card details. In the past, these attacks would be relatively easy to spot, because the attacker would send one generic email to hundreds or even thousands of recipients at a time. But phishing attacks have evolved. Today, attackers carefully research their targets, tailoring their emails so they’re more believable and more difficult for both humans and email security technologies to identify.
“Phishing is changing; it’s not just your traditional phishing attack, with a password reset or a gift voucher—it’s becoming much more sophisticated, with subtle engagement and communications to build trust,” says Conor Hynes, Director of Product Management & Data Strategy at TitanHQ.
TitanHQ is a leading cybersecurity provider that offers a range of integrated SaaS security tools designed to protect organizations from email threats, web threats, and data loss, as well as cultivate a culture of security. The latest addition to the TitanHQ portfolio, PhishTitan is a next-gen phishing protection and remediation solution built to catch even the most sophisticated phishing attempts.
In his current role, Conor is responsible for TitanHQ’s SpamTitan, WebTitan, and ArcTitan products—in particular, identifying new market opportunities and developing innovative solutions to meet evolving customer needs.
In an exclusive interview with Expert Insights, Conor discusses why phishing attacks are so effective at evading end users and legacy email security technologies, how integrated cloud email security (ICES) solutions are better equipped to identify and remediate phishing attacks, and why the future of email security involves a multi-layered approach. You can listen to our full conversation with Conor on the Expert Insights Podcast.
Phishing Attacks Have Evolved
It’s estimated that one in five successful cyber attacks start with phishing. There are two reasons for this: firstly, phishing exploits the innate human desire to trust and communicate with others. Secondly, modern phishing or “spear phishing” attacks are notoriously difficult to detect.
“[Phishing] works by deception, using urgency and trying to lower us into a false sense of security with the aim of retrieving personal information, financial information, or even, in its simplest form, just to engage in communication with the attacker with the aim of gaining trust,” says Conor.
And the reason that these attacks are so effective is simply because people are busy, he explains.
“We’re in a world where people are doing multiple tasks at once. Attackers are utilizing a lack of focus and trying to engage people in phishing emails; by our nature, we’re social beings, so we see an email and we want to engage with it.”
Unfortunately, it’s not just the end users that spear phishing attacks are effective at evading; they’re also able to get around a lot of legacy technologies designed to prevent email threats, such as secure email gateways (SEGs) and authentication standards. Traditionally, these technologies were built to block spam, malware, viruses, and denial of service (DoS) attacks by scanning inbound and outbound emails—including the domain and any attachments or URLs—for malicious content. But as phishing attacks have become more targeted and sophisticated, it’s become more difficult for these tools to identify them—if, for example, there’s no malicious URL or attachment, and the email appears to be from a trusted sender, then a SEG will likely let it be delivered to the intended recipient. “Traditional email filters stop emails in bulk before they ever enter the inbox, where it’s quite difficult to actually do the analysis that’s required to stop phishing,” says Conor. “It’s not a fault of traditional email solutions; it’s just that they weren’t built to deal with sophisticated phishing attacks.”
ICES: A New Approach To Tackle Phishing
To help combat phishing and business email compromise, Gartner recommends that users deploy anti-phishing tools that use a combination of URL inspection technology and machine learning to detect anomalous—and therefore potentially malicious—communication patterns. For example, these solutions, known as “integrated cloud email security” (ICES), can identify when a sender is creating a sense of urgency, or when their tone of voice is slightly different to how they’d usually communicate, or they’re sending an email at a different time to usual, amongst other indicators of compromise.
In addition to ML-powered threat analysis, many ICES solutions also offer attachment and URL scanning, link re-writing, and warning banners. This multi-layered approach is absolutely critical when it comes to detecting phishing threats, says Conor, because “there is no format or standard format for a phishing email [and] there are multiple different characteristics within a phishing email that need to be analyzed.”
Some ICES solutions, including TitanHQ’s newly launched PhishTitan platform, also insert warning banners into suspicious emails that are delivered to users. Inserting these banners means that admins can allow the email to be delivered, rather than immediately blocked or quarantined, whilst still warning the recipient that it might be dangerous to interact with. This helps enable productivity, but also acts as a point-in-time reminder for the recipient to be vigilant.
“Phishing isn’t about just detecting emails; it’s about educating end users,” says Conor. “And when an end user sees that an email has a warning banner, their next action is to scan that email to understand ‘Okay, there’s a phishing characteristic in it.’ We call it an ‘in the moment’ warning banner.
“The best time to educate and train a user is at that point of interaction. So, they see an email, they see it’s been bannered, they see that the email has a malicious link, and they begin to understand what a phishing email looks like.
“[At PhishTitan] we’re going to put a huge amount of effort into the warning banners to not only use them as a tool to protect, but as a tool to educate. Not only will the banner identify that it’s phishing, it will tell you why it’s phishing.”
Outside of improved phishing protection, one of the other main benefits of integrated email security solutions is that they deploy natively with cloud email platforms such as Microsoft 365. This simplifies deployment because there’s no need to redirect MX records—a process that has historically been a huge burden for security teams. And not only does this native integration make it easier for teams to deploy the solution, but it also makes ICES solutions much easier to manage long-term than legacy gateways. “Administrators need to work quickly,” says Conor. “Deploying solutions needs to happen in minutes, rather than hours. That’s been a key focus for us throughout the whole design and development of PhishTitan. We met with multiple focus groups—multiple administrators and MSPs—to understand their pain points, and onboarding and deployment was the number one issue.”
The Future Of Email Security Is Multi-Pronged
Some security professionals argue that cloud-native email security platforms such as PhishTitan are the future of the email space; others argue that a multi-layered strategy involving a traditional gateway and API-based controls offer the most effective protection.But Conor argues that the best strategy to protect an organization’s inboxes is a mixture of these two opinions: combining an ICES solution with a traditional email gateway.
“A traditional security email gateway and an ICES solution working in tandem is the way forward because they both complement each other,” he explains. “The traditional email gateway will stop the basic email threats at the front door, whereas an ICES solution is more sophisticated; it’s going after the most dangerous attacks, those ‘business killer’ emails that are getting through the traditional email gateways. So, I think a dual approach is what’s needed.”
“I think more people are going to move towards ICES solutions, because the benefits that they have over most traditional security solutions are huge.
“A key benefit of an ICES solution is the ability to remediate emails. There’s an understanding that no solution is perfect, and some emails might get through […] So, on the off chance that 0.001% of emails get through, we have the ability to remediate it, too, with an ICES solution.”
But just as important as the technologies that organizations implement, is the fact that they need to educate their users, adds Conor. “Software solutions are only one element to it; you need a highly educated, vigilant workforce, too. The approach goes beyond email security and solutions, around to the end user and the creation of a human firewall.”
Listen On Spotify:
Listen On Apple Podcasts:
About Expert Insights
Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions. You can find all of our podcasts here.