According to Verizon's 2024 DBIR report, the statistics on data breaches remain grim. While email has dropped behind compromised credentials used through web applications as the top vector, it is still the second-leading point of entry, responsible for over a quarter of breaches.
The good news is that Verizon's partner simulation engagement data from 2023 showed improvement over prior years: 20% of users reported phishing in simulation engagements, and 11% of the users who clicked the email also reported it. But this was undercut by the fact that the median time it took these users to click on a malicious link after opening the email was 21 seconds, followed by another 28 seconds for the person caught in the scheme to enter their data. All of this points to a still alarming statistic: the median time for users to fall for phishing emails is less than 60 seconds total.
As cybercrime becomes more advanced and bypasses the legacy controls put in place to defend against it, security must become more advanced too. Machine learning is a subset of AI that's focused on recognizing patterns and learning from data in order to make predictive business decisions.
While there's certainly plenty of hype around this topic right now—much of it still wildly unrealistic—AI has become central to commercial applications for most category-leading companies today. Consider OpenAI, ChatGPT, Microsoft's Copilot, and so forth. So if you're not on the AI bandwagon at this point, you are metaphorically the "caboose" of the wagon.
Advanced Data Science Leads to Advanced Email Security
The data science behind Fortra’s Cloud Email Protection is a system of machine learning (ML) models that work together to accurately detect impersonation and social engineering techniques used in messages. Fortra’s Data Science team is composed of data scientists with extensive experience in practical applications of modern ML and AI technologies. Also, by partnering with Fortra’s storied roster of email impersonation and threat intelligence researchers spanning Agari, Clearswift, PhishLabs, and other Email Security solutions, our customers uniquely benefit from a comprehensive wealth of email security domain expertise.
This robust team has developed high-performing models that consider parts of messages and contextual data both individually and collectively. These models are combined using ensemble learning techniques that relate them to one another to consider all threat characteristics and patterns. Together, they maximize decision confidence and ensure accuracy.
Using Machine Learning to Protect Organizations
Fortra’s Cloud Email Protection combines a multitude of models that interpret, analyze, and assign individual scores to each message component. It’s important to understand how the models behind Cloud Email Protection data science work. Three machine learning paradigms are used to parse and analyze inbound email data:
- In feature-engineered machine learning models, domain experts define the individual measurable properties (i.e., the features) of input data that are instrumental in making predictions or performing tasks. These models excel in scenarios, like email security, where domain expertise plays a vital role in understanding the problem. Also, expert-designed features provide greater interpretability, meaning it can be easier to analyze and improve the model’s performance.
- Neural networks are used to automatically learn complex patterns and features from data. This allows them to handle a greater diversity of data, which is useful in areas like email security where a broad range of file types, images, text, etc. are encountered. In some scenarios, they can capture subtle patterns and nuances in the data that would be missed by feature-engineered models.
- Large Language Models (LLMs) are designed to understand language in a human-like fashion. They are trained on massive amounts of text data to learn patterns, relationships, and contextual information in language, and then make judgments about them. This makes them ideal for natural language processing (NLP) tasks.
In actual deployment, this approach functions with high efficacy against all advanced email attacks, including the hardest-to-detect account takeover-based scams.
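The feature-engineered paradigm described above, as an added example (not Fortra's code or models): expert-defined impersonation features are extracted from a message and combined into a logistic score whose per-feature contributions can be inspected, which is the interpretability benefit the list mentions. The protected domain, executive name list, keyword set, weights and sample message are all assumptions constructed for illustration.

```python
import math
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example-corp.test"   # assumed protected domain
VIP_NAMES = {"jane doe"}           # assumed executive display names
URGENT = {"urgent", "wire", "confidential", "payment", "today"}  # assumed terms
# Hand-set illustrative weights; a production model would learn these from labelled mail.
WEIGHTS = {"reply_to_mismatch": 1.5, "lookalike_domain": 2.5,
           "vip_name_external": 2.0, "urgency_terms": 0.4}
BIAS = -3.0
# Constructed sample message (not real traffic).
SAMPLE = ('From: "Jane Doe" <jane.doe@examp1e-corp.test>\n'
          'Reply-To: jd.private@mailbox.test\n'
          'Subject: Urgent wire transfer today\n\n'
          'Please process the payment before noon and keep this confidential.\n')

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def extract_features(raw):
    """Turn a raw RFC 5322 message into the expert-defined features."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].lower()
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    words = {w.strip(".,!:;") for w in text.split()}
    return {
        "reply_to_mismatch": float(bool(reply_dom) and reply_dom != from_dom),
        "lookalike_domain": float(0 < edit_distance(from_dom, ORG_DOMAIN) <= 2),
        "vip_name_external": float(from_dom != ORG_DOMAIN
                                   and any(v in name for v in VIP_NAMES)),
        "urgency_terms": float(len(words & URGENT)),
    }

def score(raw):
    """Return (probability, per-feature contributions) from a logistic model."""
    contrib = {k: WEIGHTS[k] * v for k, v in extract_features(raw).items()}
    return 1 / (1 + math.exp(-(BIAS + sum(contrib.values())))), contrib
```

Calling `score(SAMPLE)` returns both the probability and the contribution of each feature, so an analyst can see which signal drove a verdict and adjust a single feature without retraining everything.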
Customers of Fortra’s Cloud Email Protection can also take advantage of the service’s Continuous Detection and Response (CDR) module to apply logic to messages in parallel to machine learning processing. CDR enables the:
- Automatic scanning for threat indicators (from Fortra’s Threat Intelligence and third-party sources)
- Configuring of granular policies for email threat response, such as automatic inbox search
- Setup of custom policies unique to each customer’s email environment
Taken together, this approach effectively transitions the email security paradigm from one that was designed to address isolated events, to one that continuously protects the organization against advanced email threats, as quickly as they emerge.
Conclusion
Verizon's latest DBIR report states that BEC attacks continue to have a substantial financial impact on organizations. While BEC volume did not grow this year versus 2023's report, it did not decrease either, and the attacks still have a median transaction of around $50,000. AI- and ML-based technology and its ability to prevent evolving fraud tactics make it the future of email security, today.