I attended a virtual roundtable discussion with CISOs this week. The session opened with a somber question: what keeps you up at night? The overwhelming majority of CISOs said they’re afraid users will click on something they shouldn’t. And rightfully so – according to the 2019 Global Data Exposure Report, “78% of CSOs and 65% of CEOs admit to clicking on a link they should not have, showing that no level of employee is immune to lapses in judgment.”
Related: How Machine Learning Is Building a Better Spam Trap
Also universal? The reliance on security awareness training (SAT) as the solution. Each CISO at the roundtable already had a SAT program in place, some even have HR enforce testing similar to harassment training. And yet they’re still up at night worrying, probably because we’re asking our employees to match a “leap in attack sophistication” reported by Microsoft and the FBI. We know the responsibility we’re placing on employees is unreasonable.
Meanwhile, ominous training (and draconian enforcement) leaves employees anxious, not empowered. Employees report more suspicious email following training, but the vast majority of those reports are false positives. And there is a cost to this. SOC teams are chronically understaffed, and investigating false positives sabotages strategic objectives.
It feels obvious: training is time consuming, and the false positives it breeds are even more distracting for the security team. In the wise words of a roundtable attendee: employeetraining is necessary but not sufficient. We’re using SAT as a crutch, and blaming user error for our failures to protect employees in the first place. After a pause, the same attendee said, “truth hurts.”
Machines to the rescue
The reality is users will always have a role to play identifying phishing attacks that are heavy on social engineering. But now machine learning can automatically detect and remediate 80%-90% of evasive phishing threats:
-
Sender Behavior Analysis: detects imposter or spoofed emails, using header analysis, cousin or look-alike domain detection, as well as natural language processing to determine whether the language in the body of an email might be indicative of social engineering.
-
URL Behavior Analysis: protects users from credential theft by extracting URLs from emails and examining the destination web page for evidence that it might be a phishing site.
-
Mailbox Behavior Analysis: profiles mailbox activity to create a baseline of trusted behaviors and relationships. Who sends emails to whom and at what time of day? What volumes? What do the contents look like? Mailboxes are then continuously monitored for anomalous behaviors and predictive analytics are used to detect threats.
-
Incident Analysis: Enables rapid investigation, containment, response and remediation of threats. Incidents are created whenever an email contravenes a security policy or is reported by the user.
Learn more about Cyren Inbox Security
Cyren Inbox Security was built to safeguard each and every Microsoft 365 mailbox in your organization. It leverages machine learning to automatically remediate phish that pass perimeter defenses.
Security teams no longer have to spend hours manually reviewing and removing malicious emails. Cyren Inbox Security does the heavy lifting for you with:
-
Automatic aggregation of similar incidents into a single case
-
Clear and detailed display of threat forensics per incident and case
-
Automatic incident investigation and similarity searches
-
Automatic remediation of incident or case across all mailboxes
-
Automatic remediation of threats detected by 14-day retro scan at time of onboarding
-
Simple integration with SIEM and SOAR
Ready to play with Cyren Inbox Security for Microsoft 365? Start a 30-day trial, no credit card needed >