Almost every organization freely admits that people are the biggest risk to its security. This year’s Data Breach Investigations Report by Verizon highlights that 74% of incidents involved the human element. People are a ‘soft’ target for cybercriminals. Networks and software can only be exploited if pre-existing vulnerabilities are discovered and hacked before they’re patched. People, however, can be engineered into creating vulnerability at any time.
This unpredictability doesn’t stop with inbound attacks. People routinely make mistakes that lead to data loss and they also choose to exfiltrate data, whether that’s a perceived ‘bending of the rules’ to increase productivity (for example, sending something to a personal email address when they know they shouldn’t so they can work on it from home) or stealing data with malicious intent.
Research shows that people are most vulnerable when using email. It provides cybercriminals with a direct line to every individual within an organization and people’s use of email has become instinctive – it's the most popular channel for business communication and, consequently, it’s second nature to process an invoice received via email or click on a hyperlink to reset a password. At the same time, people routinely share sensitive information internally and with clients and suppliers via email, increasing the likelihood that a mistake will be made versus any other application.
Previous approaches have proven ineffective at reducing human risk on email. The signature-based and reputation-based detection used by traditional perimeter controls cannot stop the advanced phishing attacks that now target organizations, such as zero-day or emerging payloads; ‘payloadless’ attacks that don’t contain malware or a phishing hyperlink for them to detect (and commonly take the form of business email compromise); and phishing emails sent from compromised supply chain accounts. Static, data-led approaches to email data loss prevention also fail to mitigate the risk of human error and data exfiltration across the modern enterprise.
It's clear that people need more support at the point risk than periodic, one-size-fits-all training modules provide. Content for these modules is not contextualized – for example, it might increase awareness of holiday-based phishing attacks but it can’t tell people about the real-world attacks they will face. Even with gamification efforts, organizations are also unable to facilitate true engagement with modules and they can’t guarantee people will remember what they’re taught. Attacks are also getting much harder to spot, especially when social engineering pushes people into acting quickly and instinctively (for example, the CEO fraud attacks targeting a junior employee with an urgent request).
At Egress, it’s our mission to empower people to use email safely and effectively. As part of this mission, today we’ve launched the latest update to our Intelligent Email Security suite.
Bringing adaptive security to cloud email
Risk is ever-changing and advanced and persistent threats continue to evolve. Against this backdrop, adaptive security is designed to move risk management from reactive to proactive by providing a predictive layer to threat prevention.
The adaptive security model continually assesses risk, constantly monitoring and analyzing user behavior and threat events, deriving insights that are used to automatically dial security enforcement up and down to provide dynamic protection and response.
This concept has been used effectively in network security and, as of today, Egress has become the first organization to provide an adaptive security architecture for cloud email.
Highly accurate, aggregated human risk scores
Egress deeply understands human risk by aggregating granular data from multiple sources. Product telemetry is augmented by open-source intelligence, behavioral data, and threat data taken from any third-party security application via a two-way open API.
As part of this update, we are especially delighted to announce our partnership with KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform. This partnership will enable us to feed KnowBe4’s human risk score into our adaptive security model, meaning our joint customers can leverage the combined value of both offerings to ensure they are best prepared for new and emerging threats before they have even materialized.
Analyzing this granular data enables Egress to generate highly accurate human risk scores for each user, which are used to dynamically adapt protection and response, as well as provide Cybersecurity teams with a holistic understanding of high-risk areas within their organization.
Adapting Egress security controls based on human risk
When an individual’s risk score increases against the evolving threat landscape, the Egress Intelligent Email Security platform automatically adapts its security controls and adjusts each individual user’s experience, while educating them through in-the-moment nudges.
These dynamic adjustments include customized anti-phishing banners and DLP prompts delivered by Egress products, dynamic quarantining of phishing emails, automatic encryption of emails with certain characteristics, tailored real-time educational content for the user, and enhanced auditing and alerting for administrators.
Now is the time to adapt
We believe that adaptive security is the future of email security, offering the most significant innovation since the creation of Integrated Cloud Email Security solutions.
Adaptive security as part of the Egress Intelligent Email Security suite is now available for organizations worldwide, offering them:
- Unparalleled inbound and outbound email security
- Increased speed to response
- Automation that eliminates administrative management
- Data-driven intelligence that provides enhanced visibility into threat trends
- Improved security awareness through real-time nudges
- Unified risk score with accurate insight into areas of risk
Ultimately, organizations can now better prepare for threats to their security, before they have even materialized.
It’s time to evolve your email security. It’s time to adapt.