Defending Against Known, Unknown & Unknown-Unknown Email Scams
Phishing scams pose a significant risk to companies and can lead to great loss in the form of stolen account credentials, fraudulent payments and corporate data breaches, among others. According to IBM’s Security X-Force Threat Intelligence Index, phishing remains the most common way for cybercriminals to gain access to a company’s network and data. This is not surprising, considering that email is still the dominant means of communication for most organizations.
Recent research finds that one-third of all companies think phishing will become an “extreme threat” within the next 12 months, and around 80% believe that the number of phishing attacks, the sophistication of the attacks and the ability of the scams to bypass current detection mechanisms will worsen.
Clearly, email security should be a top priority for any organization. To secure email effectively, it is important to first understand the three main perils of email security: known threats, unknown threats and unknown-unknown threats.
Known Threats
Known threats are threats that have been previously identified and are well understood by security teams and threat detection systems. These threats include malware, phishing attacks and spam, among others. These can typically be detected and prevented using gateway-level solutions such as signature matching, threat intelligence feeds, antivirus solutions and other threat intelligence sources.
Signature matching involves comparing the content of incoming emails with a database of known threats. If a match is found, the email is blocked or quarantined before it can reach the intended recipient. Threat intelligence feeds provide real-time information about emerging threats and can be used to quickly update signature databases and improve threat detection. And antivirus solutions scan incoming emails for known malware and can prevent the spread of malicious software. These tools are all important elements of a cybersecurity strategy but won’t protect against new waves of sophisticated email threats.
Unknown Threats
Unknown threats are those that have not been previously identified but can be detected through the use of machine learning (ML) and artificial intelligence (AI) technologies. By modeling trusted communication patterns and behavior, these technologies can identify anomalies and deviations, allowing organizations to detect malicious emails that may not be malicious in content but certainly are malicious in intent.
Unknown threats include spear phishing attacks, business email compromise (BEC) and ransomware attacks, among others. In BEC scams, the criminal poses as a vendor or high-level executive by mimicking or gaining access to a real email account and builds trust to get the victim to transfer funds or provide access to sensitive data. According to the FBI’s most recent internet crime report, BEC attacks were the leading cause of financial losses for the seventh year in a row, costing organizations an astounding $2.4 billion, a 28% increase compared to the previous year.
These types of threats are particularly dangerous because they are highly targeted and evade traditional security measures. Advanced phishing attacks like BEC use social engineering tactics to create a false sense of trust and urgency to get the victim to act fast and take the bait.
ML and AI technologies can help detect unknown threats like these by analyzing patterns of behavior and communication, flagging messages that seem suspicious and preventing attacks before they can cause harm. But even ML- and AI-based tools can only go so far on their own.
Unknown-Unknown Threats
Unknown-unknown threats are threats that cannot be detected by the technology solutions mentioned above because they are novel and utilize different, hard-to-detect strategies. Unknown-unknown threats include new types of malware or phishing attacks that have not yet been seen or previously unknown vulnerabilities in software or systems.
For example, today’s cybercriminals are leveraging modern technology like ChatGPT to write phishing emails. By using generated text that is highly sophisticated and realistic, the scams are difficult for traditional phishing detection systems to detect. And since ChatGPT can be trained on large datasets of past phishing emails, it adapts to generate emails specifically tailored to evade traditional detection systems. Attackers can also use ChatGPT to impersonate the writing style of high-profile individuals or organizations, making the emails appear to be from a trusted source and, therefore, more likely to be opened and acted upon.
Another example: instead of placing a malicious link in the body of the email, the criminal embeds a QR code that leads the recipient to the link. This is a pattern that not even ML and AI are trained to detect.
To combat these advanced threats, it is important to leverage human insight within the organization, empower employees to be vigilant and encourage them to report anything suspicious. Employees must be regularly trained and equipped with tools such as “report” buttons so they can develop the instinct to investigate and identify potential threats that may have been missed by other threat detection layers.
It’s critical for organizations to provide tools and training so employees can recognize potential threats. The human element plays a role in 82% of breaches, according to Verizon’s 2022 data breach report. Even with all the best technologies available, the only way to truly change this is by changing human behavior. For example, simple simulations and tests can help companies reduce their employees’ susceptibility to phishing scams. It’s also important to simplify threat reporting. Finding a streamlined way to handle emails that are reported by employees will reduce the workload on security teams. This can be done by using automated processes to triage reported emails and prioritize them for further investigation. By doing so, organizations can ensure that potential threats are quickly identified and addressed, reducing the risk of a security breach.
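As an added illustration of the BEC indicators described above and of automated triage of employee-reported emails, the following script (written for this page, not part of the original article or any vendor product) scores a constructed .eml sample using only the Python standard library. The internal domain, the list of protected names and the indicator weights are assumptions chosen for illustration.

```python
"""Heuristic triage of an employee-reported email for BEC indicators.

Added example, not from the original article. Standard library only;
the organisation data and scoring thresholds below are assumptions.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed organisation data: the internal domain and display names that
# BEC lures commonly impersonate (executives, finance staff).
INTERNAL_DOMAIN = "example.com"
PROTECTED_NAMES = {"jane doe", "ceo"}
URGENCY = re.compile(r"\b(urgent|immediately|wire|gift card|confidential)\b", re.I)

# Constructed sample: executive display name from a lookalike domain,
# mismatched Reply-To, failed SPF and an urgent wire request.
SAMPLE_EML = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: accounts@mail-relay.net
To: bob@example.com
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com
Content-Type: text/plain

Bob, I need you to process a wire immediately. Keep this confidential.
"""

def triage(raw: str) -> dict:
    """Return indicator flags and a score; higher score = investigate first."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    auth = msg.get("Authentication-Results", "").lower()
    flags = {
        # Protected display name paired with a sender domain that is not ours.
        "display_name_spoof": name.lower() in PROTECTED_NAMES and from_domain != INTERNAL_DOMAIN,
        # Reply-To silently redirects the conversation to another domain.
        "reply_to_mismatch": bool(reply_domain) and reply_domain != from_domain,
        # SPF/DKIM/DMARC failure recorded by the receiving gateway.
        "auth_failed": any(f"{m}=fail" in auth for m in ("spf", "dkim", "dmarc")),
        # Pressure language typical of wire-fraud lures.
        "urgency_language": bool(URGENCY.search(msg.get("Subject", "") + " " + text)),
    }
    score = sum(flags.values())
    return {"flags": flags, "score": score, "priority": "high" if score >= 3 else "review"}

if __name__ == "__main__":
    print(triage(SAMPLE_EML))
```

In practice the score would feed a queue so analysts see the highest-scoring reports first; the flags also give them the reason each report was ranked where it was.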
In Summary
To effectively protect organizations from emerging phishing threats, businesses must understand the three main threats facing email users and employ a multi-layered approach that leverages technology, human insights and streamlined processes. Osterman Research found that, on average, security teams spend one-third of their time every week on phishing threats and expect this time to only increase over the next year. A multi-pronged approach can slash that time to minutes while improving the overall accuracy of threat detection.
This approach better equips organizations to protect themselves against all three types of email threats (known, unknown and unknown-unknown) and keep critical information secure. It’s crucial that all three components work together to provide a comprehensive defense against all types of email-based threats.