Many cyber attacks begin with a phishing email that tries to convince the recipient to download an attachment, click a link, go to a web page, or fill out a form. In an attempt to gain trust, the sender’s email address may indicate someone known to the recipient such as a friend or colleague at work, or even an easily recognized government agency or a reputable company the person has done business with.
Impacts of Sneak Attacks
There are many dangers lurking behind such emails. While approaches may vary, the attacker’s goal is usually the same: obtain access credentials to systems on the corporate network. When one system is breached, criminals can infect all other systems on the network. At that point there is virtually no limit to the harm they can do to your business:
- Hijack systems for crypto mining
- Launch spam attacks
- Encrypt files until a ransom is paid
- Steal and sell customer information
- Spread malware to customers
- Impede customer support
- Damage corporate reputation and financial health
Secure email gateways were once considered the best way of filtering out spam emails, but they are no longer sufficient to defend against today’s sophisticated social-engineering attacks. What is needed is an approach that specifically guards against advanced email-borne threats.
An effective approach is one that includes real-time AI-powered anti-phishing protection. AI does more than just check junk emails using pre-existing filtering rules. It generates new rules based on what it has learned during continuous spam filtering operations.
AI Tools to the Rescue
Google, for example, has applied an open-source AI tool called TensorFlow to detect and filter out spam and phishing emails with about 99.9% accuracy, which means about 1 out of 1000 messages is able to evade its spam filter.
Google’s phishing-detection performance also relies on delaying the delivery of some Gmail messages so that they can be analyzed collectively, which makes suspicious emails easier to identify. This deeper examination also enables filtering algorithms to be updated in near real time.
Google has also applied TensorFlow to block spam categories that previously were very hard to detect, such as image-based messages, emails with hidden embedded content, and messages from newly created domains that try to hide a low volume of spam messages within legitimate traffic.
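To illustrate why analyzing delayed messages collectively helps with low-volume spam from newly created domains, the following Python example is added here; it is not from the original article and is not Google's method. It assumes a simple heuristic (near-duplicate bodies grouped by word shingles, combined with domain age), and every field name, threshold and sample message in it is constructed for illustration.

```python
from datetime import date

def shingles(text, k=3):
    """Set of k-word shingles used to compare message bodies."""
    words = text.lower().split()
    return {" ".join(words[i:i + k]) for i in range(max(1, len(words) - k + 1))}

def jaccard(a, b):
    """Overlap of two shingle sets, from 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(messages, threshold=0.5):
    """Greedy grouping: a message joins the first cluster whose seed it resembles."""
    clusters = []  # each entry: (seed shingles, member messages)
    for msg in messages:
        sh = shingles(msg["body"])
        for seed, members in clusters:
            if jaccard(seed, sh) >= threshold:
                members.append(msg)
                break
        else:
            clusters.append((sh, [msg]))
    return [members for _, members in clusters]

def flag_held(messages, today, min_recipients=3, max_age_days=30):
    """Ids of held messages in a near-duplicate campaign sent only from young domains."""
    flagged = set()
    for members in cluster(messages):
        recipients = {m["rcpt"] for m in members}
        young = all((today - m["created"]).days <= max_age_days for m in members)
        if len(recipients) >= min_recipients and young:
            flagged.update(m["id"] for m in members)
    return flagged

# Constructed sample: messages held during a short delivery delay (all values invented).
TODAY = date(2024, 6, 10)
LURE = "Dear {} your mailbox is almost full click here to verify your password today"
NEWS = "The June product newsletter is out with release notes and webinar dates"
ROWS = [  # (id, recipient, sender domain, domain registration date, body)
    (1, "alice@corp.example", "quota-a.example", date(2024, 6, 5), LURE.format("Alice")),
    (2, "bob@corp.example", "quota-b.example", date(2024, 6, 7), LURE.format("Bob")),
    (3, "carol@corp.example", "quota-c.example", date(2024, 6, 8), LURE.format("Carol")),
    (4, "alice@corp.example", "news.example", date(2014, 2, 1), NEWS),
    (5, "bob@corp.example", "news.example", date(2014, 2, 1), NEWS),
    (6, "carol@corp.example", "news.example", date(2014, 2, 1), NEWS),
    (7, "bob@corp.example", "partner.example", date(2015, 3, 9), "Minutes from the Tuesday planning meeting are attached"),
]
HELD = [dict(zip(("id", "rcpt", "domain", "created", "body"), r)) for r in ROWS]

if __name__ == "__main__":
    print(sorted(flag_held(HELD, TODAY)))
```

Each of the three young domains sends only one message, so per-sender volume looks harmless; the campaign becomes visible only when the held messages are compared with one another, while the newsletter from a long-established domain is left alone.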
Since TensorFlow is open-sourced, it can be used by anyone. This means vendors can apply it to their own security products and services. Its advantages are clear:
- Seamless performance
- Frequent new releases with new features
- Google is committed to it
- Excellent community support
- Performance is high and matches or exceeds the best in the industry
Last Line of Defense
Slow, inefficient manual incident response processes give attacks time to spread further into your network. AI-driven tools like TensorFlow can virtually eliminate that gap. But what happens in the rare instance when an attack successfully evades detection?
All it takes is one successful attack to wreak havoc on your business. In this case, your employees are the last line of defense. How effective they will be depends on how well trained they are. A number of vendors offer this type of training using customized simulations with daily-updated content to boost employees’ ability to identify social-engineering attacks and act appropriately.
When applied to email, AI is not yet totally phish-proof, but it continues to make very impressive strides in helping to deal with a problem that has plagued us all since the messaging service was invented in the 1970s.
Nathan Muller is the author of 29 technical books and over 3,000 articles that have appeared in 75 publications worldwide. He also writes articles, blogs and social media content for tech companies and their executives.