Mimecast Updates Bring AI to BEC Battleground
With cybersecurity being in a pivotal point, it may be hard to see where attackers may target next.
With defences becoming more and more secure, social engineering represents a soft underbelly of security. Therefore, email remains a primary vector for attacks targeting organisations of all sizes.
As cyber criminals become increasingly sophisticated, leveraging AI to craft more convincing and persuasive messages, security vendors are responding in kind.
Mimecast, a leading provider of email security solutions, has recently announced significant AI-powered enhancements to its product offerings, aiming to fortify defences against two of the most pressing threats: business email compromise (BEC) and insider-driven data loss.
Advancing BEC protection
The timing of Mimecast's announcement is particularly pertinent, given the alarming rise in BEC attacks.
Recent research indicates that BEC scams have surged by 20%, now accounting for nearly half of all spam emails. The FBI reported a staggering US$2.9bn in losses from BEC attacks last year, dwarfing the US$59.6m attributed to ransomware in the same period. This stark contrast underscores the critical need for robust email security measures.
Mimecast's Advanced BEC Protection represents a significant leap forward in the company's email security capabilities.
“These new enhancements are a direct result of long-standing and measured integration of this powerful technology into our product suite,” says Sean Brady, Senior Vice President of Product Management at Mimecast. “We have been securing inboxes for more than 20 years now, we know what it takes to pair new age technology with proven defence tactics”
The system utilises natural language processing (NLP) and AI to analyse communication patterns, identify unusual activity, and determine the semantic intent of emails.
This approach goes beyond traditional methods of scanning for malicious links or attachments, addressing the growing threat of 'payloadless' attacks that rely on social engineering and persuasion.
The Advanced BEC Protection system offers several key benefits:
- Detection of payloadless attacks: By leveraging NLP and AI, the system can identify risky phrases and semantic intent, effectively uncovering threats that rely on persuasion rather than malicious payloads.
- Strengthened defences with integrated protection: Mimecast's solution combines threat feeds, email authentication protocols, and advanced AI-driven detection capabilities to combat a wide range of attacks.
- Increased visibility: Administrators gain insight into the characteristics that led to the verdict on each email, such as sender relationships and persuasive phrases used.
This enhancement is particularly timely, as research indicates that 40% of BEC emails are now generated by AI.
The use of AI-powered tools to craft convincing impersonation attempts has contributed to the dramatic rise in BEC attacks, with 87% of such attempts purporting to be from the CEO of the targeted organisation.
The insider risk
Alongside its BEC protection enhancements, Mimecast has also bolstered its Incydr data protection solution with AI-based content inspection capabilities. This upgrade is designed to better identify and protect sensitive and confidential data, addressing the growing concern of insider-driven data loss.
The new features of the Incydr solution include:
- AI-based content inspection executed in the cloud, ensuring no impact on endpoint performance or user disruption.
- Out-of-the-box detection and alerts for personally identifiable information (PII) and payment card industry (PCI) content patterns across multiple file types, including images.
- Customisable detection for specific content patterns and keywords unique to an organisation's intellectual property.
- Enhanced event prioritisation based on data sensitivity, analysing file metadata, source, and content patterns.
These advancements in Mimecast's product offerings reflect a broader trend in the cybersecurity industry towards leveraging AI and machine learning to combat increasingly sophisticated threats.
"Mimecast is no stranger to AI', explains Sean. The company's approach of integrating cutting-edge technology with proven defence tactics positions it well to address the evolving threat landscape.
With BEC attacks now responsible for 25% of all financially motivated cyber attacks, and cybersecurity company VIPRE reporting AI being used to generate 40% of BEC emails, the need for equally advanced defensive measures is clear.
Mimecast's strategy of 'fighting fire with fire' by incorporating AI into its solutions is a logical and necessary response to this growing threat.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand
