Building Resilience: Email Attacks, AI and Microsoft

Cloud computing has fundamentally changed how we work, helping to increase scalability and flexibility while reducing costs. But as with most technological advancements, it has also brought with it a raft of new security and compliance risks.

And while the cloud—and its potential for vulnerability—is nothing new, cyber criminals are continuously developing innovative ways to target this growing attack surface. To protect their organisations, security teams must understand how to break the email attack chain as early and effectively as possible. 

In this post, I will shed light on the various classes of email and cloud attacks that pose significant threats to organisational security—from business email compromise (BEC) to Microsoft vulnerabilities.

Different attacks, same target

While the cloud has brought new challenges and forced organisations to reconsider the threats they face, most risk still lies with people. 

Time after time, cyber criminals target our users and their identities. They know that if they compromise a user’s account, they can get at all the systems and data that the user has access to. So, the question for most organisations is this: How can I protect my people and defend my data? 

Of course, cloud technology often connects large and disparate workforces, making this task much more difficult. Cyber resilience is key. Wherever your people and data may be, the more layers of defence you can get between them and today’s tenacious cyber criminals, the better chance you have of keeping threats at bay. 

Defending against a billion-dollar threat

BEC is the most expensive cyber threat facing organisations, causing billions of dollars in losses every year. So it’s not difficult to see why it remains such a popular method of attack.

As with most modern threats, defending against BEC requires a layered approach. Traditional email protections may not pick up on BEC emails, as they are usually sent from a trusted source. So, in addition to standard email filtering, we must train users to spot anything out of the ordinary.

But this is challenging. The targeted user may know and trust the account they are communicating with—and thus, see no reason to question the sender’s authenticity. 

To enhance our defences, we must look beyond traditional legacy email security tools. With technologies like artificial intelligence (AI), we can analyse the tone, structure and origin of an email to spot inconsistencies and automatically flag key indicators of compromised accounts. 

AI vs. AI

As the technology advances, AI has the potential to add many more layers to our cyber defences. With multiple engines running different types of advanced analysis for us, we can quickly get a better understanding of language and behavioural patterns. 

Over time, an AI tool will learn from its analysis and apply protections going forward. That is an incredible development. However, on the flip side, targeting our people and organisations is suddenly much easier for cyber criminals, too. They can now write legitimate-looking phishing emails with AI, which helps with applying the right style and tone, the right formatting, and so on. 

Once again, as AI continues to learn, it will become much harder for potential victims to differentiate between the real and the fake. That’s why we need to make sure that we’re using the technology to do the same in reverse—essentially, applying the AI tools used by threat actors so we can better identify their techniques.

Securing the ubiquitous Microsoft environment

The world is built on Microsoft. At a conservative estimate, around 80% to 90% of businesses are built on the company’s technology. Most of us use Office 365, Outlook, Exchange and plenty more tools and programs from Microsoft. This leads threat actors to the conclusion that everyone’s setup looks the same, and every organisation holds its data in the same place. 

What’s more, cyber criminals are likely to believe that if they can compromise one organisation, they can compromise them all. And the easiest way to compromise a Microsoft setup is by using Microsoft. That’s why we tend to see attackers using the same tools against us, such as SharePoint and OneDrive. If you’ve ever shared a file in either, you know it is incredibly difficult to decipher links. We can be sure today’s threat actors are aware of this, too. 

To stay secure in this environment, we need to take a step back and look at the best way to plug into and enhance the Microsoft suite of applications to make sure that our defences are up to scratch.

Connecting technology—and breaking the attack chain

Proofpoint offers several tools that connect with Microsoft Office 365 to provide greater protection against email threats. 

Our Proofpoint Aegis solution is the only AI and machine learning-powered threat protection platform that disarms advanced attacks like BEC, phishing, ransomware, supply chain threats and more. Once in place, it can help to stop malicious messages before they hit your inbox and become an issue for your people. 

Beyond this top layer, security teams should have visibility further down the attack chain. You need to understand how your people connect to systems and access data. Then, you can implement the tools needed to detect, flag and block any suspicious activity in these areas. 

Finally, we need another layer to protect the data itself. And here again, Proofpoint solutions can wrap around Microsoft 365 applications to help ensure data is classified correctly and any personal or sensitive information is stored as securely as possible. 

Want to know more? Watch the Intelligent Briefings webinar from Proofpoint to take a deep dive into the email attack chain.