How do I protect my company from BEC?

            Of course, security teams put rules and policies in place to stop malicious messages landing in inboxes
            but, as we’ve seen, hackers find ways around these rules. Another solution is to train employees on the
            threats. And security training helps to raise awareness, but solely relying on training means relying on
            your employees to spot every scam and every threat. This is unrealistic; businesses cannot expect busy
            and stressed employees to get it right 100% of the time, especially when hackers make their deceptions
            so difficult to detect.

            To prevent BEC attacks, you need to detect the impersonation but it’s a difficult problem to solve. To
            accurately detect it, you need to understand what is being impersonated. You need to be able to answer
            the question, “for this user, at this point in time, given this context, is the sender really who they say they
            are?”.

            Machine learning can help, though. By using machine learning algorithms to analyse historical email
            communications and understand each and every employees’ relationships over email, you can start to
            build a picture of normal (and abnormal) behaviour. When an employee receives an email that looks out
            of the ordinary, they can be alerted in real-time to the threat and given advice on what to do next.

            The example of Cosmic Lynx has shown that more and more cyber-criminal gangs are turning to BEC to
            achieve their objective of scamming businesses out of hundreds of thousands of dollars. Companies
            need an advanced, multi-layered solution to this increasingly sophisticated problem. By using machine
            learning to protect people on email, and by solving the problem at the human layer, businesses can start
            to tackle the rising threat of BEC.





            About the Author

             Tim Sadler, CEO, Tessian

            Tessian  is  building  the  world’s  first  Human  Layer
            Security  platform  to  automatically  secure all  human-
            digital  interactions  within  the  enterprise.  Today,  our
            products  use  stateful  machine  learning  to  protect
            people using email and to prevent threats like spear
            phishing, accidental data loss due to misdirected emails, data exfiltration and other non-compliant email
            activity. We’ve raised $60m from legendary security investors like Sequoia and Accel and have over 150
            employees located in New York and London.

            https://www.tessian.com/










            Cyber Defense eMagazine – August 2020 Edition                                                                                                                                                                                                                        90
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.