Internal Intruders: Stopping Insider Threats Requires Smarter Tech and Better Training

Editor’s Note: This blog post was originally found on the Agari Email Security blog.

By Paul Chavez

Security incidents hit 81% of organizations over the past twelve months, and internal threats pose a serious challenge for security teams, according to a new report from Osterman Research. The latest research says that the most common incidents are advanced threats — including spear phishing, social engineering, and account takeover-based attacks.

The report also says that too many organizations “do not have the necessary tools in place” to prevent these internal threats or remediate them quickly. And it highlights the areas where organizations can improve their defenses: better email security technology and better awareness training for employees and executives.

Why Do So Many Advanced Email Attacks Succeed?

Organizations that rely solely on those built-in tools for email security are vulnerable to advanced attacks like business email compromise, which has cost businesses in the United States more than $13.5 billion in the last five years. That said, combining third-party tools and app-native security gives organizations more comprehensive protection and allows for greater control over the environment.

Email attacks can also succeed when people don’t know what to watch out for when a malicious email does make it through security controls. Dark Reading recently reported that55% of organizations do not mandate any sort of security awareness training. And among those that do, less than 10% require training during onboarding and just 6% offer monthly training sessions to keep employees aware of new and emerging threats. This said, humans will always be the most vulnerable link in the security chain — but there’s no reason to leave them defenseless against spear-phishing and account takeover-based threats.

Wanted: Better and More Frequent Training

What does a good security awareness training program look like? It goes far beyond quarterly mandatory meetings and email reminders to create a “culture of security.” A GovTech interview with Lear Corporation CISO Earl Duby describes how the automotive equipment supplier internally markets security best practices as “digital self-defense” through onsite events, gamified training modules, podcasts, and internal social media campaigns. The results included more reported phishing attempts, fewer clicks during phishing tests, and more employee engagement with security awareness resources.

Wanted: Better Tools with Artificial Intelligence Capabilities

Overall, Osterman found that security leaders want cloud-based solutions, and almost 60% want to deploy “much more” artificial intelligence and machine learning technology against advanced threats. Recognizing that AI and ML can improve ATO protection is important. However, not all security leaders realize the scope of the ATO threat. A mere 7% of respondents in a Symantec survey rated ATO as a key risk, but account takeovers contribute to 42% of all security risks in actuality.

The threat is growing, too. Over the course of 2019, account takeover-based email attacks have ramped up by 35% to become the fastest-growing type of impersonation-based attack. To criminals, compromised accounts are ideal attack vectors, because their trusted identities get them past authentication and gateway security measures to their targets’ inboxes. The good news is that AI and machine learning offer ATO detection capabilities that legacy email security tools simply cannot.

Using AI to Detect and Halt ATO-Based Attacks

The basis for Agari Advanced Threat Protection is the Agari Identity Graph, which analyzes over two trillion emails each year to map sender identities, analyze and evaluate perceived senders’ behavior, model trusted sender behavior, and score new messages according to those continuously evolving models. With the scores, Agari then detects malicious messages and provides indicators that help confirm when an employee’s email account is compromised — before the threat becomes a breach.

Email threats are constantly evolving. No single technology and no amount of end-user training can stop every single attack. But by improving security awareness training and adopting AI-based email security solutions, organizations can improve their odds against today’s most dangerous type of email threat.

To learn more about account takeovers and other advanced threats, download New Methods for Solving Phishing, BEC, and Other Security Threats from Osterman Research.

Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store