In this Help Net Security interview, Riaz Lakhani, CISO at Barracuda Networks, discusses the effectiveness of AI-based behavioural analysis in combating sophisticated email threats like BEC and VEC.
Lakhani also explains how AI tools help detect malicious email activity and address the limitations of traditional security measures.
How effective is AI-based behavioural analysis in combating sophisticated email threats like BEC and supply chain VEC, and what are its limitations?
Attackers can leverage generative AI to create increasingly personalised and convincing business and vendor email compromise attacks. Traditional security red flags, such as random targeting and spelling and grammar mistakes, are fast disappearing, replaced by content that can be almost impossible to distinguish from the real thing.
Fortunately, defenders can use the same AI tools, and more to strengthen their email defences. AI can identify known phishing patterns and signatures, allowing it to recognise and flag suspicious emails. AI-based behavioural tools look for anomalies in email behaviour and characteristics. This enables them to identify – in real-time – any irregular sender behaviour, unusual email content, or deviations from established communication patterns. Natural language processing is used to analyse the content of incoming messages for sentiment, context, tone, and potentially malicious intent. By understanding the context of emails, AI makes it harder for attackers to use pretexting, a common tactic in BEC, to deceive recipients.
There can be a risk of false positive detections, and these could potentially lead to delays or disruptions in business operations. But with a recent BEC attack making off with $40 million, many companies may feel that a few false positives are a risk worth taking.
The battle between AI-based social engineering and AI-powered security measures is an ongoing one. Sophisticated attackers may develop techniques to evade AI detection, such as using ever more subtle and contextually accurate language, but security tools will then adapt to this, putting the pressure back on the attackers.
So while AI-based behavioural analysis is a powerful tool in the fight against sophisticated social engineering attacks, it is most effective when used within a multi-layered defence strategy that includes security awareness training and other security measures.
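An added example, not from the interview or from Barracuda, of the behavioural baselining described above: it builds a per-sender profile from constructed mail history and scores a new message for the kinds of deviations mentioned (a reply-to domain never seen for that sender, an unusual send hour, a new address reusing a trusted display name, payment-urgency wording). The history, addresses and term list are constructed for illustration.

```python
from collections import defaultdict

# Constructed mail history for the baseline: (sender, display name, send hour, reply-to domain)
HISTORY = [
    ("cfo@example.com", "Dana Cole", 9, "example.com"),
    ("cfo@example.com", "Dana Cole", 10, "example.com"),
    ("cfo@example.com", "Dana Cole", 14, "example.com"),
    ("ap@vendor-parts.example", "Vendor Parts AP", 11, "vendor-parts.example"),
    ("ap@vendor-parts.example", "Vendor Parts AP", 15, "vendor-parts.example"),
]

# Phrases typical of payment-diversion pretexts (constructed, illustrative list)
URGENCY_TERMS = ("urgent", "wire", "new bank details", "before end of day", "keep this confidential")


def build_baseline(history):
    """Per-sender profile of display names, usual send hours and reply-to domains."""
    base = defaultdict(lambda: {"names": set(), "hours": set(), "reply_domains": set()})
    for sender, name, hour, reply_domain in history:
        base[sender]["names"].add(name)
        base[sender]["hours"].add(hour)
        base[sender]["reply_domains"].add(reply_domain)
    return dict(base)


def score_message(baseline, sender, display_name, reply_to, hour, body):
    """Return (score, reasons): each behavioural deviation from the baseline adds one point."""
    reasons = []
    sender_domain = sender.split("@")[-1].lower()
    reply_domain = reply_to.split("@")[-1].lower()
    profile = baseline.get(sender)
    if profile is None:
        # First-time sender that reuses a display name we already trust: classic name spoofing
        if any(display_name in p["names"] for p in baseline.values()):
            reasons.append("new sender address reuses a known contact's display name")
    else:
        if display_name not in profile["names"]:
            reasons.append("display name differs from this sender's baseline")
        if reply_domain not in profile["reply_domains"]:
            reasons.append("reply-to domain never seen for this sender")
        if not any(abs(hour - h) <= 2 for h in profile["hours"]):
            reasons.append("sent outside this sender's usual hours")
    if reply_domain != sender_domain:
        reasons.append("reply-to domain differs from sender domain")
    hits = [t for t in URGENCY_TERMS if t in body.lower()]
    if hits:
        reasons.append("urgency/payment language: " + ", ".join(hits))
    return len(reasons), reasons
```

A real deployment would learn these profiles over far more signals and weight them statistically; the point here is that the score comes from deviation, not from a known-bad signature.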
Are traditional email security gateways becoming obsolete, and what alternative strategies should CISOs consider for email security?
Traditional email security gateways are becoming less effective in the face of increasingly sophisticated email-borne cyberthreats. Many traditional gateways rely on static rules and signature-based detections that are no match for targeted social engineering, phishing through collaboration tools, or the exploitation of cloud-based platforms.
Alternative strategies for CISOs to consider include integrating AI and machine learning into the email security platform. AI/ML can analyse vast amounts of data in real time to identify anomalies and malicious patterns and respond accordingly. Behavioural analytics help detect unusual activities and patterns that indicate potential threats.
It is also important to expand security measures beyond email to include other communication and collaboration tools, such as Slack, Teams, and cloud storage services. Educating users about the latest threats and safe practices remains a critical component of any security strategy.
How can CISOs encourage widespread adoption of secure email practices across the organization, especially in remote work environments?
Security success depends on people, and CISOs have an important role to play in fostering a strong security culture across the organisation. Our own research shows that the commitment and engagement of senior leaders, as well as clear, effective and consistent security policies and guidelines, and regular security training and awareness – including attack simulations – are all key ingredients of effective security governance.
These human measures should be underpinned by advanced security tools that meet the needs of hybrid, dispersed and remote employees, including robust VPN, access and authentication measures.
How can companies ensure the security of their email communications, considering the growing risks associated with third-party vendors?
Ensuring the security of email communications, especially with the involvement of third-party vendors, requires a comprehensive approach that is based both on security due diligence of the partner and effective security tools.
Before engaging with any third party, an organisation should conduct a background check and security assessment. From a security perspective, this should include evaluating their security policies, incident response plans, and compliance with relevant regulations. The relationship should be based on contractual agreements that outline the necessary security requirements, data protection measures, and compliance obligations – and it is worth adding a requirement for regular audits, updates and monitoring.
Once this is in place, communicating with the third parties should be subject to the same multi-layered, advanced and AI-powered security measures as all other external communications.