Email Security

Interview: How Vulnerable Is Your Communication Ecosystem?

Expert Insights speaks to Chris Lehman, CEO of SafeGuard Cyber, to discuss how comprehensive security over all communication channels, not just email, is necessary today.

CEO of SafeGuard Cyber

Business communication has seen a dramatic shift in recent years. This shift, which preceded the last two transformative years but was undoubtedly accelerated by the pandemic, has made us more connected and has opened up a world of possibilities for better collaboration and communication. However, with progress comes risk. When security does not stretch to all possible channels of communication, those same channels leave you open to attacks.

These attacks typically stem from human error, which in cybersecurity refers to an unintentional action or lack of action that allows a breach to occur, ransomware to be deployed, money or credentials to be stolen, and so forth. Opportunities for human error are endless due to complicated work environments, the increasing number of services and tools teams are using, and, of course, human imperfection.

Human beings simply cannot be expected to flawlessly recognize the signs of a malicious attack, especially not when those attacks are constantly evolving. What organizations need to do for their people is invest in solutions that remove as much of the burden to spot these threats as possible. SafeGuard Cyber works towards this goal by providing security and compliance for email and multi-channel communications.

We sat down with SafeGuard Cyber’s CEO Chris Lehman to talk about their multi-channel security and compliance platform, the biggest challenges they are helping customers to face, the important enterprise initiatives they address, and upcoming trends in digital transformation and communication.

Who is SafeGuard Cyber and what is it that sets you apart from your competitors?

For SafeGuard Cyber, we really live at the intersection of a handful of trends and fundamental truths that we believe the industry and security professionals need to address.

The first truth is that human beings are always going to be the most vulnerable element or weakest link in your security strategy. Human beings by nature are very trusting and no matter how much training you do, no matter how much awareness you create around cyber threats, the human eyes simply can’t be expected to pick up on these highly sophisticated targeted attacks. And the data really backs this up; something like 82% of all cyber-attacks can be traced to the exploitation of human vulnerability.

So, first, we’re very focused on humans. Second, there’s been a huge change in the way we communicate and do business today. It’s no longer just about email; we also collaborate on channels like Slack or Microsoft Teams. We text one another via WhatsApp or Telegram. We may communicate with somebody via LinkedIn or on other social channels. There are all these new places where human beings are communicating to conduct business. And by and large, those new channels are unprotected, and organizations don’t have visibility into those channels.

Third, attackers are evolving, and they’re using new techniques and tactics that go undetected by traditional security defenses. Since human beings are now communicating in new channels which are often unprotected and go undetected by traditional security tools, we are helping to solve that problem. We help them detect Business Email Compromise, which we call Business Communication Compromise—because it’s not just about email anymore.

Who is in your typical customer base and what are some of the challenges you are helping them to manage?

The two industries that we sell to the most are those in financial services and life sciences. These are both highly regulated industries and they’re looking to make sure that employees don’t divulge any PII (Personally Identifiable Information). They’re trying to make sure that in the United States they don’t break any HIPAA laws and in Europe they don’t violate GDPR. They need to be able to monitor conversations, so no information that’s private is ever being made public. They use our Natural Language Understanding capabilities to monitor conversations, so that none of these policies are violated.

I’ve talked about some of the bigger problems that we’re helping to address, but I want to touch on some things that are even more specific. I’ve talked a lot about how we communicate in new ways; the challenge for organizations today is that the visibility they have is very siloed. They may have visibility into email, but they don’t have visibility into Slack, they don’t have visibility into WhatsApp, and so on and so forth. We give organizations unified visibility into all of their communication channels. We have integrations with over 30 different communication channels, and we give our customers unified visibility into all of the channels so they can oversee the conversations that are occurring. This extends the concept of business email compromise into business communication compromise, while monitoring for attacks across all those channels.

We’re also helping organizations to detect threats that other tools miss. What we’re seeing more and more of is language-based attacks. In these attacks, attackers are using impersonation, deception, urgency and semantic tactics to convince their targets to take actions that they shouldn’t. And when you think about it, none of the traditional security tools are analyzing the actual conversation. They might do keyword search or some kind of behavioral analysis, whether it’s network or application or device-based app behavioral analysis—but they’re analyzing the behavior of the application and the user. So, looking at the time and location that the user typically logs in and checking for anomalies. But what none of those technologies do is actually look inside the application at the conversation that’s occurring.

What SafeGuard Cyber does is allow people to see inside of the application and the conversation to determine if what’s being communicated might be an attacker attempting to convince the target to do something they shouldn’t. We detect threats that other tools miss.

Adding to that, an attacker may start off communicating with somebody via LinkedIn to establish trust and learn information about them, and then use that information to establish trust in an email. And then they’ll convince that same target to move from email into WhatsApp or Slack channels that are largely uncovered today. It’s at that point that they’ll deliver the malware payload. These attacks are happening across channels and we at SafeGuard Cyber can connect the dots between these conversations and across the channels. We do all of this via our analytics engine, which is built on natural language understanding and machine learning.

Could you tell us a bit about SafeGuard Cyber’s Natural Language Understanding (NLU) technology and cloud-based Machine Learning, and how these tools work to detect security incidents and compliance violations?

Our machine learning uses a number of different techniques. We do behavioral analysis, we do social graph analysis, but we also leverage natural language understanding, and it is the combination of those techniques that makes our detection so accurate and gives it such a high efficacy. But it’s the natural language understanding, specifically, which helps us really understand what we call the “context and intent” of the conversation. We understand if a conversation is out of the ordinary but still benign with no sign of a threat compared to something out of the ordinary that is also nefarious and malicious. That’s how we use natural language understanding.

Can you tell us a bit about how SafeGuard Cyber addresses important enterprise initiatives like digital transformation, zero trust, remote working and regulatory compliance?

Things like digital transformation have really been accelerated due to the pandemic. Enterprises have had to find new ways for their employees to communicate and collaborate so they could continue to do business. This led to the rapid adoption of a lot of new communication and collaboration platforms that support people working from home or working remotely.

So naturally, if you’re going to have a digital transformation initiative, and it involves new tools for your employees to communicate, you need to make sure they’re secure. At SafeGuard Cyber, we help enterprises make sure that when they’re going through these transformation projects, as it relates to email or collaboration or any other communication tool, that they maintain solid security.

And for zero trust, it’s our belief you need to trust and verify the users and transactions. The co-founder of Palo Alto Networks says, “You need to trust every transaction in the enterprise,” and we believe that isn’t limited to machine to machine or device. It extends to human transactions. Human transactions—those conversations just like we’re having—can really enrich an enterprise understanding of a user. The user is not just a number or a name.

How has the rapid adoption and continued use of remote and hybrid working environments expanded the organizational threat surface, and how do you expect these trends to progress?

The pandemic and working from home didn’t start this digital transformation and adoption of other means of communication, but they did accelerate it. It used to be that a lot of people were working from the office, then for a while everybody needed to be working from home—I’m sure that we’re going to land somewhere in the middle. But I’m very confident that this desire for people to communicate in different ways is not going away, which means organizations need to continue to monitor new collaboration and communication channels.

What would your final piece of advice be to organizations currently struggling to secure themselves against multi-channel attacks?

My advice would be that organizations need to investigate the new technologies that are available, and that security professionals need to recognize that they are vulnerable and take steps to evaluate how vulnerable they are. One of the things we do all the time is we offer our solution on a trial basis, and we say, “Don’t take our word for it. Let us show you.” One of the great things about SafeGuard Cyber is that we’re an API-based solution, so there’s no agent required, and no data feed required.  It’s easy to deploy and can be up and running in 5 or 10 minutes.

We run many trials and evaluations for prospective customers to show them that they are vulnerable and to highlight their areas of risk. Security professionals should be open to that and to evaluate and be ready to hear what their level of vulnerability is when it comes to their communication ecosystem. Then, they can make a better decision about whether an investment in SafeGuard Cyber would be beneficial.