Page 90 - Cyber Defense Magazine for August 2020
P. 90
How do I protect my company from BEC?
Of course, security teams put rules and policies in place to stop malicious messages landing in inboxes
but, as we’ve seen, hackers find ways around these rules. Another solution is to train employees on the
threats. And security training helps to raise awareness, but solely relying on training means relying on
your employees to spot every scam and every threat. This is unrealistic; businesses cannot expect busy
and stressed employees to get it right 100% of the time, especially when hackers make their deceptions
so difficult to detect.
To prevent BEC attacks, you need to detect the impersonation but it’s a difficult problem to solve. To
accurately detect it, you need to understand what is being impersonated. You need to be able to answer
the question, “for this user, at this point in time, given this context, is the sender really who they say they
are?”.
Machine learning can help, though. By using machine learning algorithms to analyse historical email
communications and understand each and every employees’ relationships over email, you can start to
build a picture of normal (and abnormal) behaviour. When an employee receives an email that looks out
of the ordinary, they can be alerted in real-time to the threat and given advice on what to do next.
The example of Cosmic Lynx has shown that more and more cyber-criminal gangs are turning to BEC to
achieve their objective of scamming businesses out of hundreds of thousands of dollars. Companies
need an advanced, multi-layered solution to this increasingly sophisticated problem. By using machine
learning to protect people on email, and by solving the problem at the human layer, businesses can start
to tackle the rising threat of BEC.
About the Author
Tim Sadler, CEO, Tessian
Tessian is building the world’s first Human Layer
Security platform to automatically secure all human-
digital interactions within the enterprise. Today, our
products use stateful machine learning to protect
people using email and to prevent threats like spear
phishing, accidental data loss due to misdirected emails, data exfiltration and other non-compliant email
activity. We’ve raised $60m from legendary security investors like Sequoia and Accel and have over 150
employees located in New York and London.
https://www.tessian.com/
Cyber Defense eMagazine – August 2020 Edition 90
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.