When Chief Technology and Security Officer Gary Gooden joined Seattle Children’s Hospital in March 2019, he knew that if he wanted to improve the organization’s cybersecurity posture, he’d have to start with its biggest blind spot: email.
“Email fraud defense (EFD) was a critical need,” Gooden recalled. “The primary vector for breaches was—and remains—email: fraud, business email compromise [BEC], ransomware— everything to do with other types of phishing campaigns. All those attacks were evident, obvious and ongoing.”
The costliest of these are BEC attacks. Relying on social engineering rather than technical exploits, they’re practically invisible to traditional security tools. Recipients—thinking that they’re interacting with someone they know and trust—are tricked into doing the attacker’s bidding.