Last updated: 02 May 2019
This content is brought to you by
Main Logo@3X

Email protection

Why send a human to do a machine’s job?


Email has long been a favoured attack method for hackers. It’s relatively cheap, can be launched at scale, and it’s easy to spoof legitimate addresses. Plus, it’s about the law of averages: the more attacks made, the more likely it becomes that one person will be tricked.

Cyber attacks are one of the top 5 attacks facing the world
Between 75% and 90% of targeted cyber-attacks start with an email
Business Email Compromise losses: $12 billion+ between October 2013 and May 2018

Now that hackers are using AI, the threats are escalating – and accelerating.

As the digital economy expands, the threat landscape naturally follows suit. Compounding the situation is the use of machine learning and AI as hackers and other bad actors look to scale their bad behaviour.

AI as the answer (well up to a point)

cyber security positions unfilled
The shortage of cybersecurity professionals around the globe has never been more acute

The variety, volume and velocity of attacks isn’t something us humans can manage by ourselves. You can’t expect system admins to go through individual logfiles, deal with false alerts, and rely on traditional systems that wait for unusual behaviour and then shut down. By then, any threat will be well inside your perimeter and causing all sorts of problems.

In an ideal world, a malicious email would be stopped from ever landing in your inbox. Of course, we’re in the real world. So your email protection must include:

Virus scanning
Spam scoring
Real-time intent analysis
URL link protection
Sensitive data secured with data leak prevention and encryption
Reputation checks
Full cloud backup and recovery of every email and file
Wannacry spread with a speed and scale that ransomware has never achieved before
computers infected
countries affected
Over 60,000 new malware variants introduced daily
Snapshot 4 Apr 2019

In the face of these sorts of threats, you need AI to support your security strategy. For example, deploying AI to:

Recognise when a non-company email address is being used or spoofed (does the link below go to facebook.com or somewhere else?)
Detect unusual language or layout used in email requests, and alert users (these URLs have been created using Cyrillic letters in, designed to trick users into clicking)
Note individual employees’ style and speed of typing, to create a unique biometric signature and alert when this appears to change

No matter how much AI protection you have…
…humans can still be the weakest link


Most popular passwords 2018

Make your workforce the first line of defence


Hackers may be able to deploy AI, but organisations can respond with AI and human insight.

You just have to educate your end users.
This means turbocharging your email protection with:

Regular security awareness training and phishing simulations
Identifying who in your organisation is ‘high risk’ due to their role and seniority, and give them special training
Even in cybersecurity, some things only people can do. Humans are better at absorbing context and thinking imaginatively. Cyberwars won’t simply be two sets of computers battling it out. But AI will become an important part of every major organization’s cybersecurity toolkit.
PwC
Share