Artificial intelligence is being used more and more in vendor security products and solutions. This use of innovative technology, coupled with cyber security training, are crucial aspects of cyber and email security best practice.
In cyber security training, for example, AI can be used to simulate attacks based on recent data compiled by recent incidents — making training courses as relevant as possible. AI systems can also monitor employees’ security awareness and provide information about what types of attacks would employees fall for, and where an organisation is more susceptible.
The old days are over
Cyber attacks have moved from a mass attack model to more focused, targeted attack model. For email, it used to be the case that attackers would launch mass phishing and mass spamming attacks, with the perpetrators hoping that 1 in 1 million people would fall for them.
How to combat the rise of account takeovers from hackers
Now, however, attackers are tailoring their attacks to specific organisations. They’re willing to actually research the organisation, buy credentials to infiltrate it, or send personalised email from some in a senior position to someone in a lower position. It is a much more dangerous landscape.
In this new world, the old approach of doing email security is no longer sufficient.
In these old days, mass campaigns were just reusing the same attack over and over, and sending it to many different people. Security vendors would just observe the threats and create signatures based on all the observed breaches. Once one attack was solved, because they were all the same, one solution fitted all.
A need for artificial intelligence in email security
“That approach is just not going to work in this targeted world, because attackers are going to vary their emails, they’re going to customise them to each organisation,” explains Asaf Cidon, Vice President, Email Security at Barracuda Networks.
“Sometimes the attackers don’t even include a link or a malicious attachment in the email. It’s just literally using social engineering and text to trick the recipient, for example, by using impersonation.”
>Read more on The role of artificial intelligence in cyber security
The use of artificial intelligence allows organisations to be much more flexible in their approach to security. It means vendors can tailor defences to each organisation — supposedly.
“When we run our AI we can actually learn the unique communication patterns of each company we observe, their internal communication patterns, and then understand what’s normal and what’s not normal,” says Cidon. “Such as, how does your CFO communicate, what emails do they use, who do they talk to, what types of links would be normal for them to send, what type of style do they communicate with, etc. And that’s a much more robust way to stop these attacks, because you actually understand the context of a specific person, a specific organisation, rather than just applying global rules across your entire email filter.”
Target customer
Who would you usually deal with when selling your product?
“We usually deal more with the IT and security teams of an organisation, rather than the CTO. This is because some companies don’t have a CTO, and it is more common for us to speak with the CIO or the security team,” explains Cidon. “However, we definitely do have companies where there’s a CTO responsible for security.”
“Traditionally, email and email security have been under IT and the security team’s remit, rather than the technology team.”
“With the security awareness training, it is a little bit of a different story. Sometimes that falls into the remit of HT/legal.”