Protecting The Human Layer From Targeted Email Attacks
Expert Insights interviews Rob Fry, CTO at cloud office security provider Armorblox
Today more than ever we rely on cloud applications for critical everyday business activities. The cloud has become an integral way of working for most organizations, whether it’s sending emails, using collaboration platforms, or sharing and working on online documents.
But rapid cloud adoption and remote work practices are presenting new security challenges. Using cloud services without protection can create vulnerabilities within organizations, giving cyber-criminals ways to target your employees and compromise sensitive data.
Headquartered in Cupertino, California, Armorblox is described by CTO Rob Fry as part of a “new breed of email security” that has come into existence because legacy email security technologies lack the context and visibility organizations need to protect against targeted email attacks in this cloud perimeter.
Fry’s own background is in engineering, primarily building back-end systems. He has worked in security teams in some of the world’s biggest technology companies, including Netflix, where he was involved in transitioning their systems to the cloud.
We spoke to Fry about the Armorblox platform, what makes their technology unique in the email security market, and how organizations can stay protected against targeted email attacks.
A New Breed Of Email Security
Over the past five years, there’s been major disruption in the email threat landscape as attacks have become more targeted. “The adversary is winning the phishing war,” Fry says. While “traditional” email threats, such as spam, malicious attachments and harmful URLs, continue to be a problem, cyber-criminals are now also using social engineering attacks like Business Email Compromise (BEC), impersonation, and invoice fraud to try and target users themselves. The increasing volume, sophistication and complexity of these social engineering attacks is creating a push for innovation in the email security space.
Armorblox uses Natural Language Understanding (NLU) to power their threat protection. NLU systems are designed to understand the unique characteristics and nuances of human interactions over digital systems, so that they can identify risks and flag up potential signifiers of social engineering attacks. There have been “tremendous leaps in capabilities” for using machine learning to analyze communications, Fry says, attributing this to new technologies and a wealth of training data sources that contribute to improvements in ML models. This provides Armorblox with the capabilities to “detect abnormalities” in email communications based on previous patterns, and automatically remediate suspicious emails.
Social engineering attacks are successful because they make people “feel a sense of fear or urgency,” Fry says. These attacks work through effective use of manipulation and psychology – not because of malware or viruses. Because of this, traditional methods of securing email that rely on threat detection are unable to offer comprehensive protection against these targeted phishing attacks. Armorblox uses machine learning to analyze thousands of signals across user identity, user behavior, and email language to protect against those social engineering attacks. “People are the new perimeter,” Fry says. “What we’re trying to do is protect that human layer.”
Email Attackers Are Getting More Creative
“Adversaries are highly motivated, they’re smart, they’re persistent,” Fry says. “Understanding the dynamics of these attacks is important to stay protected.” Attackers today have a lot of tools at their disposal to pull off sophisticated attacks. We put an abundance of information about ourselves on the internet, which makes it easier for bad actors to create realistic social engineering attacks. Attackers can also target companies across the supply chain, compromising third-party suppliers of bigger organizations and using them as vectors for phishing attacks.
This reflects an increasing sophistication among cyber-threat actors, who are willing to put more time into pulling off lucrative phishing attacks that seem legitimate at first glance. “The creativeness of the adversary will always persist,” Fry says. He explains that attackers will always try the easiest method of attack first, but that increasingly we are seeing cybercriminals put more time and effort into sophisticated attacks to make malicious messages look and feel more realistic.
This is something Armorblox has seen recently as many organizations have moved to remote working due to the COVID-19 pandemic. COVID represents another opportunity for cybercriminals to exploit issues that are at the forefront of everyone’s minds, Fry says. Attackers are using the context of the coronavirus pandemic to create believable scenarios and successful phishing campaigns, such as asking users to update payment details or sign into new accounts.
This plays on issues of fear and uncertainty, which are crucial for successful social engineering attacks. For instance, Armorblox recently detected a credential phishing campaign that used the lure of IRS COVID relief funds to scam people into giving up personal information.
“Again, it’s psychology, right?” Fry says. “You’re working from home, you’re expecting to see COVID-related emails, so attackers can build campaigns that seem very believable. It might not be 100% successful, but you really only need a small percentage of people to fall for the attack for the campaign to be successful.”
The Future Of The Email Security Landscape
To help organizations stay safe against threats within and beyond email, development and investment in machine learning technologies will also continue to expand, Fry says. “Over the next few years, there will be extended use and improvements in these capabilities,” he says.
Another area that Fry believes will become a focal point for security companies is developing more comprehensive threat analytics and reporting. It’s no longer enough for security vendors to just stop attacks; security teams need more enrichment within data, and more context. This means being able to tell security teams who the intended target was, what attacks that user has seen before, and other relevant information. “We’ll continue to do that,” he says, “leveraging more customer data sources to better understand who users are and how they work.”
One thing we can be certain about is that “email has been and will continue to be critical for organizations,” Fry says. With the value to the business of delivering email from the cloud, applications like Office 365 and G Suite will continue to be crucial for businesses.
However, with that said, the reality is that there’s a big shift in the way we are communicating at work. Messaging platforms like Slack and Microsoft Teams, and file sharing applications like Google Drive and OneDrive are changing the way that we work and communicate.
“In the future, time will be spent looking at these products and how we can leverage our security capabilities across them, because we need to consider these as additional attack layers that need the same protections as email,” Fry says. Armorblox currently integrates with Slack and Box to provide customers with threat and data protection, with more integrations planned in the future.
How We Can Stay Secure Against Email Threats Today
Fry’s advice for organizations to keep safe against targeted email threats today is to continue to investigate and invest in email security solutions. Last year, the FBI cited $26 billion in reported exposed losses from BEC attacks in the last three years alone, underlining the seriousness of these threats.
As attackers become more creative and attacks become more sophisticated, organizations need to look for more modern technologies. Fry says that cybercriminals are becoming more successful in their ability to persist against legacy email systems, by focusing on social engineering. For this reason, your security team should have the human layer at the forefront of their security strategy, he says.
“Organizations should conduct a thorough review of their security capabilities to ensure that they are maximizing value from natively available protection. To stop targeted email attacks, you need to augment existing email security layers with a solution that provides specific protection against social engineering attacks.”
You can find out more about Armorblox and their range of security services to protect the human layer here: https://www.armorblox.com/