Valimail is lucky enough to have customers and partners at companies that are innovating and advancing new techniques and practices in cybersecurity. We were honored to have them join us at our annual Identity Summit to share their wins, discuss threats, and work together to fight one of the most pervasive and damaging attacks facing enterprises: identity-based email impersonation.
An essential component in making the Valimail vision of bringing trust to the world’s communications a reality is our Customer Advisory Board (CAB). This month, we gathered in Napa, California for our annual Identity Summit, where we tackled the urgent questions in cybersecurity, including the explosive growth in BEC, the ubiquitous use of impersonation in phishing attacks, and what enterprises can do to prevent these attacks.
Through a mix of meeting time and activities to take advantage of and appreciate the beauty of Napa, the Identity Summit provided the perfect environment for discussing the incorporation of more robust sender identity solutions into the world’s enterprises.
Laying the groundwork and understanding the problem
We started with a discussion of the current landscape of identity-related/based threats, market trends, and opportunities. There was shared agreement across the group on the problems and challenges:
- There are more cybersecurity tools, products, and solutions
- Spending on cybersecurity tools, products, and solutions is increasing
- Phishing is still a problem: Phishing plays a role in over 90% of cybersecurity incidents
- Impersonation is the root cause: More than 80% of phishing attacks are based on impersonation
- Exploits are happening with greater frequency and impact
In short, email is having an identity crisis.
The good news is there is also agreement that there are solutions — technically proven solutions — to prevent these attacks and build toward a future where email can be truly trusted.
Technology is advancing, but how do we use it effectively?
We dove deep into this discussion with our special guest, Tony Scott, the third Federal CIO and former CIO for VMware, Microsoft, and Disney.
Aspects of technology that once seemed to be years and years away are now more like two or three years away. Case in point: as we were preparing for the summit, Google claimed to have reached quantum supremacy. Developments in AI/ML and automation are happening faster than ever — orders of magnitude faster.
And yet, most models are still very “human-centric,” i.e., based on a person’s identity. But machine identity is becoming more and more important as machines are doing more of the work that humans have historically done. Consider that machines are making buying and trading decisions on Wall Street. In a world of rapid automation and transient assets, it will be an exciting challenge to design and develop the security solutions that will support (not impede) innovation while protecting the organization from attacks.
But to date, AI/ML advancements have yet to address the rampant phishing problem.
The solution: validating sender identity
Valimail has been a pioneer in developing and improving open, standards-based solutions for validating and authenticating identity in email. We continue to focus on developing and delivering solutions with a deterministic and automated approach to solve the identity crisis.
Our patented, automated solutions validate sender identity using a unique approach that works without false positives or extra manual work required of your team.
Yes, this starts with email, but identity is not limited to email nor is it limited to humans. Identity isn’t as simple or easy to secure as it once was. There is no single entry point, no physical servers to protect. But building on our industry-leading approach to email authentication and our continued involvement in numerous industry groups and standards bodies, we are poised to take on identity-based threats across communication methods.
So what are CIOs and CISOs to do?
- Continue to focus on identifying where the risks are going to come from and how to best protect your organization from those risks.
- Clearly define the business outcomes you are seeking to achieve. Most enterprises are operating in a matrixed environment with shared resources.
- Understand the organization structure and stakeholders in your organization and work to create an environment that enables rapid, clear communication to ensure alignment on expected outcomes and progress toward achieving them.
- Leverage your peer network to validate and “soundcheck” your strategy and approach. Work with trusted partners across the security and IT ecosystem to select and implement solutions that work together to successfully achieve those outcomes and evolve along with the changing landscape of security challenges, and your strategy for protecting your enterprise.
Coming out of our summit, several things are clear:
- Email is still the number one method for communication in business and it’s not going away anytime soon. It is imperative that we continue to drive adoption of proven solutions to validate senders and authenticate email in order to combat the growing phishing problem.
- Implementing DMARC at enforcement is an “easy win” and cornerstone to preventing identity-based email attacks.
- Authenticating email is just the beginning. The technology landscape is evolving faster than ever and identity is a common component across communication methods. Even IoT — with its device-to-device communication, machine identities, and human identities — requires robust sender identity solutions.
- Don’t lose sight of the human element in all of this. Yes, machines will do more of the work humans used to do, but humans can provide a unique understanding of the threats, put together the best defense, and communicate effectively across a complex set of stakeholders. Through mechanisms like this summit, there is no doubt we’ll succeed.
We are grateful to our CAB for taking time out of their schedules to participate in our Identity Summit this year. Together, we are confident we’ll bring trust to the world’s communications.