Internal Intruders: Stopping Insider Threats Requires Smarter Tech and Better Training

Why Do So Many Advanced Email Attacks Succeed?

Every major email application — including Microsoft Office 365 and G Suite — includes built-in security features. So with the vast majority of organizations using these cloud-based platforms, why do many attacks get through? Unfortunately, the fact is that while platform security tools are good at detecting spam and other basic threats, they are simply not as sophisticated as third-party solutions that specialize in catching the latest types of advanced attacks.

Wanted: Better and More Frequent Training

Despite the low numbers for training, more than 40% of security decision-makers surveyed by Osterman said that phishing and BEC prevention are mostly or completely about good awareness training. And Osterman found that training executives and employees can deliver a “substantial” ROI — especially at larger organizations.

Wanted: Better Tools with Artificial Intelligence Capabilities

While security awareness training can definitely help employees spot phishing emails and BEC scams, it is not the final solution for all types of attacks. Awareness training presents its own set of problems, including an increase in the number of false positives, but it cannot protect against the most dangerous type of threat — account takeover-based attacks. In fact, only 1% of the decision-makers Osterman surveyed said that end-user training can completely solve the problem, and 38% agreed that technology is needed to curb the threat. Since these threats originate from compromised accounts, they are incredibly difficult to detect, especially if the cybercriminal has access to entire conversations.

Using AI to Detect and Halt ATO-Based Attacks

Legacy security systems are unprepared to stop attacks originating from compromised accounts since, by all appearances, they are coming from a trusted user. In contrast, Agari Advanced Threat Protection uses advanced machine learning to protect employee inboxes from these account takeover-based attacks, and other advanced threats.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.