PhishMe, a provider of training tools employed by organizations to help end users better recognize spear phishing attacks such as social engineering, announced today it will now be known as Cofense, after being acquired by a private equity firm.
Cofense CEO Rohyt Belani, who held the same position as the head of PhishMe, said the goal now is to infuse artificial intelligence (AI) capabilities into the platform to make it even easier to recognize social engineering attacks such as spear phishing.
Regardless of whether IT security professionals care to admit it, social engineering attacks have made a mockery of IT security defenses. Historically, the assumption has been that malware could be identified before it penetrated IT security defenses. But when social engineering attacks trick end users into downloading malware, there’s little a firewall a can do about it.
Because of that issue, spending on security training has increased exponentially in the last year. Cofense claims there are now more than 1,700 organizations making use of the content it creates on its platform to train end users. The company not only provides the content used to train end users, it also provides a mechanism through which new classes of social engineering attacks can be identified and classified. In fact, Belani noted that because most IT security teams are overwhelmed by the volume of attacks being launched, many of them have essentially deputized end users who are more adept at recognizing these threats to help identify them. In some cases, they are even offering bounties as an incentive, which Belani said is an activity Cofense plans to further enable via its platform. Those incentives often prove to be critical in helping IT security teams ultimately triangulate in real time the true nature of the cyberattack being launched, he noted.
When it comes to social engineering attacks, Belani said AI will never replace humans in terms of being able to identify all these types of attacks. But, going forward, humans assisted by AI technologies will be able successfully thwart a lot more social engineering attacks than they do today. The more data Cofense can collect, the more accurate the machine and deep learning algorithms being trained by Cofense become, he said, noting that as those AI systems become more sophisticated, the number of end users that can make meaningful contributions to IT security should also increase.
Of course, the “good guys” are not the only people with access to AI. Belani said it’s already apparent that cybercriminals are employing AI to launch more efficient and potentially lethal cyberattacks.
The relationship between end users and IT security teams has substantially improved in recent years, Belani said. While IT security professionals may still roll their eyes when it comes to some of the activities end users engage in, both parties now recognize that end users have a significant role to play in maintaining IT security. In an ideal world, end users should be the first line of defense against social engineering attacks that tend to be more insidious than malware that is programmed to compromise specific hardware or software. Whatever the means, AI offers hope in combating the dark art of social engineering in a way the average end user can comprehend.