Anti-Phishing Remains a Top 10 Issue for Organizations,
If you weren’t among the 3,500 fellow security pros packing the halls at Gartner Security Summit this year to learn, debate and network, you should know that yet again, a hot topic of the event – reflected in Gartner analyst Neil MacDonald’s “Top 10 Cybersecurity Challenges” session – is the email forwarded from an annoyed CEO, that simply reads:
Those dreaded question marks often mean one thing to a CISO: that a malicious email or targeted phish has slipped past their security defenses, and into their executive’s inbox.
I hear this problem repeatedly from CISOs across the country. Attackers are successfully launching phishing campaigns that easily evade defenses and don’t even require links or attachments to wreak havoc. Business Email Compromise (BEC) – also referred to as CXO fraud or Impostor attacks – is effective at slipping past traditional defenses, including Office 365, Gmail and secure email gateways – and has caused more than $12 billion in business losses over the past five years.
This problem continues to be such a serious challenge for security professionals that MacDonald reminded them to prioritize BEC as a Top 10 Security Project in 2019.
Now, why is BEC fraud getting so much attention?
First, attackers are going after the individual – not the protocol. Criminals spend weeks or months studying an organization’s executives, vendors and billing systems – even an executive’s writing style and schedules – so they can mimic them credibly, at the right moment.
Second, BEC exploits deeply ingrained social traits, such as the trust people have toward their organizational leaders and the natural propensity to collaborate. A simple email that appears to come from a CEO, asking his or her executive assistant to wire funds, can harm a company’s bottom line as much as (if not more than) a sophisticated malware-download attack.
Third, a BEC phishing email usually carries no attachments, malware, or payloads, and is “clean” of suspicious links or sites. The extensive use of anti-phishing training and educational resources has created a false sense of trust: what danger could possibly lurk in a simple email with no attachments or links?
And finally, because BEC fraud is file-less, linkless and often sent by imposters from valid email accounts that pass email authentication checks, traditional defenses, including Office 365, Gmail and secure email gateways (SEGs), frequently miss the malicious nature of these campaigns.
The Rising Cost of BEC to Businesses
You might recall that Gartner also ranked active anti-phishing as a top three security project last year. Prioritizing BEC phishing is critical because it’s a threat that has the potential to cause a high degree of negative business impact. Reducing BEC also removes a large amount of risk.
And recent statistics from the FBI IC3 agency confirm the damaging nature and continued growth in frequency of these attacks. As noted in the image below, last year the agency received over 300,000 complaints of attacks that resulted in business losses of over $2.7B. BEC accounted for a whopping $1.2B, or 45 percent, of losses.
The Key to Defeating BEC: Source & Sentiment
However, a new kind of approach (one that doesn’t rely on your employees’ security awareness) can counter BEC attacks (and other types of advanced phishing attacks). At the summit, in his Top 10 Security Projects session Q&A, MacDonald mentioned that Area 1 offers an effective way to block phishing campaigns, including BEC, before they hit your employees’ inboxes.
How do we do it? It’s a two-fer:
Root out the Source: Area 1 takes an innovative approach to advanced threat protection that’s preemptive, comprehensive and accountable. In the case of BEC attacks, that means inspecting message context by looking at the trustability and authenticity of the sender in unique new ways.
Understand the Sentiment: By using sophisticated matching models to check that messages appearing to be from an executive actually originate from known sending domains, and by analyzing subject and content language and sentiment, we’re able to effectively detect BEC email that traditional defenses miss, and therefore prevent delivery of imposter email to employee inboxes.
There are other benefits to this innovative approach. As one of our fintech customers, LendingHome, notes:
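A minimal sketch of the two checks described above (an executive-looking display name compared against that executive's known sending domains, plus a scan of subject and body language), added here as an illustration and not Area 1's implementation. The roster, domains, pressure-term list, similarity threshold and sample messages are all constructed assumptions.

```python
import difflib
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed roster: executive display name -> domains that person really sends from.
EXECUTIVES = {"Dana Whitfield": {"example.com"},
              "Luis Ortega": {"example.com", "example.org"}}
# Constructed list of payment-pressure phrases; a real model would be far richer.
PRESSURE_TERMS = ("wire", "urgent", "confidential", "gift card", "invoice", "today")

# Constructed sample messages.
SPOOF = ("From: Dana Whitfield <dana.whitfield@example.net>\n"
         "Subject: Urgent wire\n\n"
         "Please wire the payment today and keep this confidential.\n")
LEGIT = ("From: Dana Whitfield <dana@example.com>\n"
         "Subject: Q3 planning\n\nAgenda attached for Thursday.\n")

def normalize(name):
    # Strip accents, case, commas and extra spaces so look-alike spellings compare equal.
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(ascii_name.lower().replace(",", " ").split())

def matched_executive(display_name, threshold=0.85):
    # Return the roster name this display name resembles, or None.
    cand = normalize(display_name)
    for exec_name in EXECUTIVES:
        target = normalize(exec_name)
        reordered = sorted(cand.split()) == sorted(target.split())  # "Whitfield, Dana"
        if reordered or difflib.SequenceMatcher(None, cand, target).ratio() >= threshold:
            return exec_name
    return None

def assess(raw_message):
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    exec_name = matched_executive(display) if display else None
    # Source check: executive-looking name, but the address domain is not one of theirs.
    impostor = exec_name is not None and domain not in EXECUTIVES[exec_name]
    # Language check: pressure terms in subject or plain-text body.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    hits = [term for term in PRESSURE_TERMS if term in text]
    return {"executive": exec_name, "domain": domain, "impostor": impostor,
            "pressure_terms": hits, "hold": impostor and bool(hits)}

if __name__ == "__main__":
    for sample in (SPOOF, LEGIT):
        print(assess(sample))
```

Neither message carries a link or attachment; the spoofed one is held only because the sender's name and domain disagree and the wording pushes for a payment.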
“Freeing employees from the need to examine, report, and authenticate suspicious emails let them focus on their core roles and responsibilities, all while knowing that their email is safe.”
We agree. It isn’t every employee’s job to correctly flag every suspicious BEC phish that happens to get past their company’s SEG and perimeter defenses.
Phishing, especially BEC and executive impersonation attacks, remains one of the biggest cybersecurity issues facing organizations, large and small. It is trivial for attackers to take advantage of the implicit trust that exists between employees in an organization; and it is not a winning strategy to rely on educating employees or leveraging legacy defenses to stop these.
Area 1 helps numerous Fortune 500 healthcare, financial services and manufacturing organizations protect their executives against Business Email Compromise. To find out how we can protect your organization from BEC and other phishing attacks, schedule a briefing or a demo.
With a career spanning 20 years fighting bad guys online, Shalabh leads all product and go-to-market functions at Area 1 Security, with extensive prior experience across security, enterprise, and cloud infrastructure companies such as Aspen Networks, IronPort Systems, Cisco and Bracket Computing. Shalabh and his teams have taken products from conception all the way to large scale businesses; and in the process have consistently helped make the Internet a safer place. An alumnus of Stanford University and the University of Texas at Austin, Shalabh holds five patents and can claim to know something about enterprise infrastructure and security.