Why Your SEG May Pose a Vulnerability to Email Security

Email attacks have long been a favorite method for cybercriminals looking to make a quick buck. From spam and virus attacks to mass phishing campaigns containing malware, the tactics have evolved over the years. One of the most prevalent and sophisticated attacks of today is known as business email compromise (BEC). Unlike the traditional Nigerian prince or CEO gift card scams, these attacks now employ increasingly sophisticated tactics to secure their payday.

Cybercriminals are constantly searching for new ways to exploit vulnerabilities in email systems. With the rise of generative AI tools like ChatGPT, attackers now have even more power at their disposal. By inputting specific information about their targets or snippets of previous conversation history, generative AI can help threat actors engage in highly realistic conversations with their victims.

BEC attacks are not limited to any particular industry or organization size. They can affect businesses of all sizes and across all sectors, costing billions of dollars. Despite the increased awareness among employees, BEC losses continue to climb. In 2022 alone, BEC attacks cost organizations a staggering $2.7 billion.

The reason for this increase in losses is simple: cybercriminals are getting smarter, and traditional secure email gateways (SEGs) are struggling to keep up. SEGs were designed to block attacks based on known threat signatures like malicious attachments or links and bad sender domains. While this approach worked well in the past, hackers quickly learned how to bypass SEG detection by sending text-based, socially engineered emails that blend in with ordinary inbox content. As a result, SEGs not only miss sophisticated attacks but also require manual management by security teams, draining their productivity.

To combat these evolving BEC attacks without overwhelming security teams, organizations are considering replacing their SEGs entirely. One strategy gaining traction is the use of behavioral AI-based email security. This approach focuses on learning what known-normal activity looks like in order to spot deviations that may indicate a potential attack.

Behavioral AI-based email security works by ingesting behavioral signals from the email environment. This includes factors such as the user’s typical sign-in times and locations, their usual interactions with colleagues and vendors, and the tone and language they use in their emails. By creating a system that learns and dynamically monitors baseline behaviors, any abnormal variations can be automatically remediated before reaching the target’s inbox.
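The baseline-and-deviation idea described above, reduced to a minimal sketch. This is an added example, not code from the article or from any vendor's product: the event fields, the addresses, the `ZZ` country code and the two-signal threshold are all constructed assumptions, and tone and language are not modelled.

```python
from collections import defaultdict

# Constructed history: (user, sign-in hour UTC, sign-in country, correspondent)
HISTORY = [
    ("ana@corp.example", 9, "US", "billing@vendor.example"),
    ("ana@corp.example", 10, "US", "billing@vendor.example"),
    ("ana@corp.example", 14, "US", "bob@corp.example"),
    ("ana@corp.example", 16, "US", "billing@vendor.example"),
]

def build_baseline(history):
    """Learn each user's known-normal hours, countries and correspondents."""
    base = defaultdict(lambda: {"hours": set(), "countries": set(), "contacts": set()})
    for user, hour, country, contact in history:
        profile = base[user]
        profile["hours"].add(hour)
        profile["countries"].add(country)
        profile["contacts"].add(contact.lower())
    return base

def deviations(base, event, hour_slack=2):
    """Return the ways one event departs from the user's learned baseline."""
    user, hour, country, contact = event
    profile = base.get(user)  # .get() does not create a default entry
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    # Distance on a 24-hour clock, so 23:00 and 01:00 are two hours apart.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in profile["hours"])
    if nearest > hour_slack:
        reasons.append("unusual sign-in hour")
    if country not in profile["countries"]:
        reasons.append("new sign-in country")
    if contact.lower() not in profile["contacts"]:
        reasons.append("first-time correspondent")
    return reasons

def verdict(base, event, threshold=2):
    """Remediate only when several signals deviate at once (assumed policy)."""
    reasons = deviations(base, event)
    return ("remediate" if len(reasons) >= threshold else "deliver", reasons)
```

A single deviation, such as a first message to a new partner, is delivered; the threshold keeps one unusual signal from triggering remediation on its own.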

This approach has proven successful in real-world scenarios. For example, Elara Caring, one of the largest home healthcare providers in the US, experienced advanced phishing attacks that bypassed their SEG. After transitioning to a behavioral AI-based model, their security team stopped hundreds of attacks within the first 90 days alone. Similarly, Saskatoon Public Schools implemented behavioral AI-based security and detected and auto-remediated over 25,000 attacks in just three months, saving the team hundreds of hours each month.

While SEGs have served their purpose well, the increasing sophistication of email attacks calls for a new approach. Organizations that can modernize their email security by leveraging behavioral AI will be in the best position to protect against current and future threats.

About the Author:
Mike Britton, the CISO of Abnormal Security, leads information security and privacy programs. With 25 years of experience in information security, privacy, compliance, and IT, Mike brings a wealth of expertise from Fortune 500 global companies. He holds an MBA with a concentration in Information Assurance from the University of Dallas.
