Enterprises: Can You Handle 3,680 Phishing Emails per Week?

Tuesday, August 08, 2017

Kevin O'Brien


Given its essential role in the business world, it is no surprise that the adoption rate of email security technology is nearly 100%. However, despite this near-universal investment, breaches are still occurring at increasing rates. Targeted phishing has become the single most effective attack type in the world today, and attackers’ emphasis on social engineering tactics makes the protection of cloud communication platforms a critical component of any cybersecurity strategy.

An FBI Public Safety Announcement issued on May 4, 2017 outlines the scope of the problem:

“The BEC/EAC scam continues to grow, evolve, and target small, medium, and large businesses. Between January 2015 and December 2016, there was a 2,370% increase in identified exposed losses. The scam has been reported in all 50 states and in 131 countries. Victim complaints filed with the IC3 and financial sources indicate fraudulent transfers have been sent to 103 countries.”

However, communications security at scale is complicated by hybridized cloud adoption and the integration of customized workloads with public SaaS communication platforms; Microsoft Office 365 and Google Apps (now G Suite) dominate this space in the email channel.

Legacy security vendors, historically focused on on-premise technology and point solutions for email, have struggled to adapt to these newer platforms. Single-point-in-time reports to block threats at the perimeter through the use of a Secure Email Gateway are clearly insufficient, and provide no visibility, control, or protection against messages that have bypassed the SEG. In order to successfully protect the organization against highly targeted social engineering attacks, IT and Security teams must gain post-delivery visibility into, and control over, messages that have already landed in employee inboxes.

Technology, however, isn’t the only factor to blame for why we keep getting owned; it’s also a resource issue. Enterprise IT and information security teams almost always find themselves pushing against resource limitations in the face of unending attacks and increasingly sophisticated criminals — but a deficit of qualified workers often referred to as the “cybersecurity skills gap” leaves many organizations unable to find and hire the people they need in a timely fashion (if at all).

This shortage of qualified professionals leads to a critical lack of visibility. Attackers often compromise an organization in just minutes, and exfiltrate data in a matter of days; increasingly, organizations don’t know that they’ve been breached until they’re notified by a third party. Security teams must spend their time understanding and preventing threats categorically, rather than being buried in the noise of day-to-day alerts. As the work of information security and IT staff shifts toward a more analytical role, the ability to narrow the time between incident and remediation is key to preventing a major financial or data loss event.

We analyzed information from our proprietary data cloud and found some startling facts that underscore the challenge enterprise IT and security teams face when protecting themselves from cyber criminals. Our researchers found that enterprises today face more than 3,680 potential phishing emails per week. This number indicates that cybercriminals are not only raising the level of personalization to entice employees to click, but also taxing enterprise systems through the volume of their attacks.

Let’s take things a step further to truly understand the administrative burden cybercriminals are placing on organizations. Experience tells us that it takes security admins an average of 5 minutes to analyze a single email and determine if it is a threat. Multiply this stat by 3,680 potentially dangerous emails and you find that enterprise security and IT teams would need to devote over 305 hours per week to properly review and remediate this amount of email.

The only way to keep up with this volume of work is to implement automation within the corporate cybersecurity strategy. Automation reduces the workload on IT and Security teams by programmatically identifying and addressing threats based on preset policies. Leveraging machine learning and automation can increase visibility of threats, reduce the time to detect and respond to them, and identify patterns that humans may miss.

What’s clear is that cybercriminals are stepping up not only the customization of their attacks, but also their volume. The cybersecurity skills gap has left many companies vulnerable and hackers are eager to exploit those weaknesses. As the number of Business Email Compromise scams continues to grow, understanding whether a specific message is an attack requires fully integrated threat intelligence, with significant amounts of data, to identify threat patterns and help inform incident response actions.

About the author: Kevin O’Brien is the CEO of GreatHorn. With over 20 years of experience in the cybersecurity industry, he has an extensive background in information security and data privacy.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.