Last Updated: 24th July, 2022
Business email security may be a relatively young sector, but in the past ten years it has undergone more advancement than most sectors have in the past 50. This is principally because phishing attack strategies are becoming more advanced by the day, testing Business Email Compromise (BEC) anti-phishing safeguards with social engineering and impersonation attacks that mostly carry no malware or links to malicious URLs.
As noted in the most recent Verizon Data Breach and Incident Response report, the vast majority (67%) of data breaches are caused by social attacks delivered via email phishing, and these attacks have proven to be a high-yield and lucrative endeavor for scammers.
The latest FBI Internet Crime Report recorded more than $3.5 billion in losses to individual and business victims, with the most frequent complaints being phishing, non-payment/non-delivery scams, and extortion. Businesses of all sizes have been susceptible to these attacks.
Traditionally, companies have invested in phishing awareness training to help educate workers on the telltale signs of malicious emails, along with secure email gateways, DMARC and other email security point solutions. More recently, Breach Attack Simulation (BAS) and Automated Penetration Testing have emerged as a way to continuously stress-test the effectiveness of control points and identify any gaps in business email security.
Despite these safeguards, email continues to serve as the vector for nine out of ten cyber-attacks. Fortunately, a new technology being built into anti-phishing tools is proving effective at identifying business email compromise and other payload-less attacks: Natural Language Processing (NLP).
Natural Language Processing: An Extra Layer Of BEC Security
NLP is defined as a “subfield of linguistics, computer science, information engineering, and artificial intelligence concerned with the interactions between computers and human language.” While NLP is still in its infancy in cybersecurity, it is particularly promising because it can comprehend context.
As BEC attacks continue to increase in frequency and sophistication, NLP has begun to be applied to the content of such messages, and it finds that the vast majority are variations of the same four messages:
- Employee availability checks (“Hi are you available?”)
- Requests for an unspecific task (“Hi, I’m in meetings today and need a quick task done.”)
- Requests for a gift card (“Hi, I need you to purchase 20 Amazon gift cards as a present to our biggest client.”)
- Requests to change direct deposit or bank details, or requests for payment (“Hi, we need to change our direct deposit address for employees next week, can you update?”)
While most business email security tools are well designed to stop malware or malicious links at the gateway, it’s far more difficult to prevent messages like the above from reaching their intended targets if NLP is not deployed. That’s because most business email security tools are designed to look for the what (links, attachments) and the who (identified cyber criminals) of an email, but not the language of the email itself. That’s why companies that rely on traditional Indicators of Compromise (IOCs), such as malicious links or attachments, take on more risk.
Business Email Security: Avoiding False Phishing Positives
We’ve all received an email from a colleague or superior asking whether we can come by their office in 15 minutes. The savviest phishing emails play on these dynamics with highly targeted attacks that spoof a sender the recipient is used to receiving email from (e.g. a CEO emailing a CFO).
Looking at language in a silo, without other indicators of potential compromise, would open up many false positives and false negatives. That’s why it’s no longer enough to rely on one authentication protocol to detect BEC attacks. When an email hits the mailbox, there needs to be a three-step process:
- Inspect the content, links and attachments (the What).
- Verify the sender and prevent impersonation by analyzing email communications, behavior and metadata in real time (the Who).
- Analyze the language for typical BEC indicators using natural language processing (the Intent).
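As an added illustration of both the four recurring message types listed earlier and the three-step What/Who/Intent process above, here is a small Python triage routine run over two constructed sample messages. This is example code written for this page, not the article's own tooling or any vendor's product. The organisation domain example-corp.com, the sample addresses and bodies, the regular-expression intent patterns, the weights and the verdict thresholds are all assumptions chosen for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example-corp.com"  # assumed organisation domain

# Constructed sample: a payload-less BEC request from a lookalike domain with a diverted Reply-To.
SAMPLE_BEC = """\
From: "Dana Ceo" <dana.ceo@examp1e-corp.com>
Reply-To: dana.ceo.private@mail.example
To: pat.cfo@example-corp.com
Subject: quick task
Content-Type: text/plain

Hi, I'm in meetings today and need a quick task done.
Are you available? I need you to purchase 20 Amazon gift cards as a present to our biggest client.
"""

# Constructed sample: a benign internal message that also contains an availability check.
SAMPLE_BENIGN = """\
From: "Dana Ceo" <dana.ceo@example-corp.com>
To: pat.cfo@example-corp.com
Subject: sync
Content-Type: text/plain

Are you available to come by my office in 15 minutes? I have the Q3 numbers ready.
"""

# Assumed patterns for the four recurring BEC message types named in the article.
INTENT_PATTERNS = {
    "availability_check": [r"\bare you (available|free|around|at your desk)\b"],
    "vague_task": [r"\bquick (task|favou?r)\b", r"\bin (a )?meetings?\b.*\bneed\b"],
    "gift_card": [r"\bgift ?cards?\b", r"\b(itunes|amazon|google play)\b.*\bcards?\b"],
    "payment_change": [r"\bdirect deposit\b", r"\bbank (details|account)\b",
                       r"\bwire( transfer)?\b", r"\bpayment\b.*\baccount\b"],
}
# Assumed weights: an availability check alone is normal office traffic, while a gift-card
# or bank-detail request carries far more risk on its own.
INTENT_WEIGHTS = {"availability_check": 1, "vague_task": 2, "gift_card": 4, "payment_change": 4}


def _plain_text(msg):
    """Concatenate the text/plain parts of a parsed message, lower-cased for matching."""
    parts = [p.get_payload(decode=True).decode(errors="replace")
             for p in msg.walk() if p.get_content_type() == "text/plain"]
    return " ".join(parts).lower()


def inspect_what(msg):
    """Step 1, the What: count links and attachments (the signals gateways already look for)."""
    attachments = sum(1 for p in msg.walk() if p.get_filename())
    links = len(re.findall(r"https?://\S+", _plain_text(msg)))
    return {"links": links, "attachments": attachments}


def _normalize_domain(domain):
    """Fold common digit-for-letter substitutions so lookalike domains compare equal."""
    return domain.lower().translate(str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"}))


def verify_who(msg, internal_domain=INTERNAL_DOMAIN):
    """Step 2, the Who: flag lookalike sender domains and Reply-To diversion."""
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = reply_addr.rpartition("@")[2].lower()
    findings = []
    if from_domain != internal_domain and _normalize_domain(from_domain) == _normalize_domain(internal_domain):
        findings.append("lookalike_domain")
    if reply_addr and reply_domain != from_domain:
        findings.append("reply_to_mismatch")
    return findings


def analyze_intent(msg):
    """Step 3, the Intent: score the body against the four BEC message patterns."""
    text = _plain_text(msg)
    hits = [name for name, pats in INTENT_PATTERNS.items() if any(re.search(p, text) for p in pats)]
    return {"intents": hits, "score": sum(INTENT_WEIGHTS[h] for h in hits)}


def triage(raw, internal_domain=INTERNAL_DOMAIN):
    """Combine all three steps so that language alone never decides the verdict."""
    msg = message_from_string(raw)
    what = inspect_what(msg)
    who = verify_who(msg, internal_domain)
    intent = analyze_intent(msg)
    risk = intent["score"] + 3 * len(who)  # assumed combination rule
    verdict = "quarantine" if risk >= 6 else ("review" if risk >= 3 else "deliver")
    return {"what": what, "who": who, "intent": intent, "risk": risk, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("bec", SAMPLE_BEC), ("benign", SAMPLE_BENIGN)):
        print(label, triage(raw))
```

The benign message triggers the same availability-check pattern as the attack, but with no payload, no sender anomaly and nothing else in the language it is delivered; the attack message carries no link or attachment either, so only the sender checks and the intent score separate the two. A real deployment would replace the hand-written patterns with a trained language model and feed the Who step with historical sender behaviour, but the combination logic is the point.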
To further boost business email security infrastructure, natural language processing uses machine learning and artificial intelligence to extract and analyze the metadata and syntax of email, learning patterns to watch for and flag. This added layer of authentication also helps to prevent vendor account compromise by picking up the differences in language between internal and external senders.
That’s why natural language processing can achieve such substantial results compared to traditional software that simply matches keywords and back-end signatures. For companies that don’t have this in place, the consequences can be severe.
In an example from last year, a European arm of Toyota, the Toyota Boshoku Corporation, was targeted by a scam with reported losses totaling $37 million. On the surface, the BEC attack was not remarkably sophisticated: an attacker posed as a business partner of the Toyota subsidiary and sent emails to members of the finance and accounting department, requesting that funds for a payment be sent to a specific bank account controlled by the attacker.
While the attack might have required the employee to obtain multiple signatures and approvals before securing the payment, Toyota was large enough that $37 million didn’t raise the alarm bells it should have.
Without enforceable industry rules, regulations or standards, every organization is free to choose what type of business email security to invest in. Looking at the opportunity cost for Toyota, had the car maker invested in BEC protections, those emails may never have gotten through in the first place and the company could be $37 million richer than it is today.