The rise of BEC attacks: How ICES is shaping the future of email security

Email has been an essential communication tool for decades, but it has been a popular attack vector with cybercriminals for just as long. Integrated cloud email security (ICES) solutions are designed to address these attacks by providing advanced protection against various email-based attacks that exploit legacy security solutions such as secure email gateways (SEGs).

The new email threat landscape 

The email threats facing organisations today present a uniquely daunting challenge. Cybercriminals are poised to employ increasingly sophisticated social engineering tactics, such as business email compromise (BEC) and polymorphic attacks, which involve constantly changing the code and appearance of malicious emails. Verizon reported in their 2023 Data Breach Investigations Report that social engineering attacks nearly doubled from 2021 to 2022. Rapidly growing and increasingly effective, these pre-texting attacks are in stark contrast to the easy-to-spot phishing scams of yesteryear. These newer more elusive attacks make it exceedingly challenging for traditional rule- and policy-based email security systems such as SEGs to detect and block threats.

Furthermore, spear-phishing attacks personally crafted for high-value targets, such as whaling, are expected to grow in sophistication, with attackers leveraging psychological manipulation techniques to deceive even the most vigilant email recipients. To counter these evolving threats effectively, proactive employee security training through simulated spear-phishing campaigns is essential for an organisation’s defence strategy.

In this ever-changing landscape, staying one step ahead of email threats will require a combination of cutting-edge technology, employee education and a commitment to ongoing cybersecurity diligence.

Integrated cloud email security

ICES is a comprehensive email security solution that combines multiple layers of protection to defend against a wide range of email-based threats, including BEC account takeover (ATO) and VIP impersonation. These solutions leverage artificial intelligence (AI), machine learning and other advanced technologies to continuously detect and block malicious emails that slip past traditional email security tools.

Separately, traditional email security solutions – and the default features of cloud-based email providers – can only detect common email attacks with harmful content, such as SPAM, emails with malicious links and attachments or messages sent from fake email domains. However, these methods are not enough to stop newer forms of sophisticated phishing such as BEC or vendor email compromise (VEC) attacks. Unlike old-school phishing, these advanced attacks don’t include malicious links or attachments; they have text-based “malicious intent” in the body of the emails that employ social engineering techniques to trick recipients into giving up login information, sending confidential data or paying a false invoice.

This is where ICES solutions play a crucial role. ICES solutions connect with cloud email services through APIs and integrate directly with Microsoft and Google’s built-in email security to deliver comprehensive inbox protection without having to change mail exchange records and risk the delivery of email to the organisation.

What are the key features and benefits?

ICES solutions offer various features and benefits, including:

• Multi-layered protection: ICESs combine several security layers, such as AI-powered analysis, computer vision, threat intelligence and sandboxing to stop advanced email threats.
• Real-time threat detection: ICESs use API integration with cloud email services to actively monitor and analyse email traffic and inboxes to detect and respond to threats in real-time.
• Account takeover detection and remediation: ICESs use AI and machine learning to analyse inbox behaviours and various other factors to detect and remediate account takeover attempts.
• Seamless integration: ICESs are easily integrated with cloud email services, allowing for streamlined deployment and management without risking the availability or integrity of email services.

ICESs vs. legacy solutions

While both ICESs and SEGs aim to protect organisations from email-based threats, ICESs offer a more advanced and comprehensive approach to email security. SEGs primarily rely on traditional techniques such as signature-based detection and content filtering, which is normally not enough to detect the sophisticated attacks used today. ICESs, on the other hand, use advanced technologies like AI to build a behavioural profile of every inbox and machine learning to detect anomalous behaviour and suspicious emails. They also make use of computer vision to identify and block a wider range of threats in emails and malicious landing pages. Additionally, ICESs are better suited for cloud-based email systems and can be more easily integrated with other security solutions.

ICESs can also detect and block various attacks that can bypass traditional SEGs, such as:

• BEC attacks: ICESs can identify and stop BEC attacks, which involve the impersonation of trusted individuals or organisations to manipulate victims into transferring funds or divulging sensitive information.
• Spear-phishing: ICESs can detect highly targeted spear-phishing emails, which often use social engineering and personalisation to deceive recipients.
• Zero-day exploits: ICESs can protect against previously unknown vulnerabilities or exploits, thanks to their advanced threat intelligence and real-time monitoring capabilities.
• Account takeover attacks: ICESs can identify suspicious inbox behaviour and account activity to detect and remediate account takeover attempts before financial damage occurs.

Augmenting or replacing an SEG with an ICES

When deciding between augmenting an existing legacy SEG with an ICES solution or replacing the SEG with their native cloud email security to complement an ICES solution, organisations should carefully assess their existing security stack, IT/security team resources, and existing or future IT service management requirements.

While augmenting the SEG with an ICES solution can enhance protection against advanced threats with a defence-in-depth security approach, it may also result in added complexity and administrative overheads with some older SEGs. Conversely, transitioning to a combination of native cloud email security and a modern ICES solution provides a more streamlined approach, offering better integration, automation and adaptability to emerging threats while still providing enhanced protection against advanced threats such as BEC and account takeover.

Ultimately, the decision should be based on factors such as the organisation’s security requirements, budget and existing infrastructure, as well as the potential benefits and challenges associated with each option. The 2023 Gartner Email Security Market Guide describes ICES as such: “Initially, these solutions are deployed as a supplement to existing gateway solutions, but increasingly, the combination of the cloud email providers’ native capabilities and an ICES is replacing the traditional SEG.”

The next generation of ICES

ICES solutions are commonly seen by vendors as advanced machine-only solutions using adaptive AI to address advanced email threats. While the most sophisticated AI-powered systems can effectively identify and prevent a vast majority of threats –roughly 99 per cent – they are still leaving a small yet significant 1 per cent undetected. When applied to large organisations, this 1 per cent can still result in thousands of threats getting through. This gap in coverage underscores the limitations of relying solely on technology to combat evolving email threats and highlights the need for a more comprehensive approach that combines adaptive AI with human insights.

IRONSCALES is an ICES solution that offers complete protection against modern email threats using AI and human insights. Key features of the platform include:

• Industry-leading AI: IRONSCALES’ artificial intelligence employs advanced techniques such as natural language processing and social graph analysis to detect and prevent advanced email threats such as social engineering. By continuously learning from user reporting and interactions that evolve its threat intelligence, it is becoming the industry’s only fully autonomous AI security analyst.
• Human insights: IRONSCALES incorporates human insights by empowering users to engage in threat detection and remediation via banners and report buttons. The platform then uses the verified threat data across its network of security professionals and employees reporting threats in its user base to feedback into the AI system and continue to advance its threat detection capability.
• Customised banners and report button: Customised email banners are provided by the platform for different types of suspicious emails, enabling employees to investigate and report threats directly to security analysts from within their inbox.
• Crowdsourced threat intelligence: Organisations using IRONSCALES not only gain human insights from their own employees and security analyst but also the insights from all organisations and security analysts using IRONSCALES through its crowdsourced threat intelligence.
• Phishing simulation testing: Natively integrated phishing simulation testing, based on real-world threats, helps to train and strengthen the defences of the organisation’s email users. Phishing simulation campaigns can be manually customised, automatically generated and deployed for a fast and scalable impact.
• Security awareness training: IRONSCALES offers an integrated security awareness training solution that educates employees on cyber threats and best practices. By providing a vast library of video training content and easy-to-deploy personalised training campaigns, IRONSCALES equips employees with the knowledge and skills needed to recognise and respond to cyber threats of all kinds.

Whether augmenting an existing legacy SEG or replacing it with native cloud email security, IRONSCALES provides a multi-layered defence against modern email-based attacks. Its seamless integration, adaptability to evolving threats and user-centric approach make it an ideal choice for organisations seeking to strengthen their email security posture while fostering a proactive security culture.

Learn more about the IRONSCALES platform and enterprise-grade business email compromise attack protection at ironscales.com or get a hands-on demo today.