February 1, 2019updated 04 Feb 2019 2:45pm

Agari recommends automation to cope with rise in phishing attempts

By Ellen Daniel

Phishing, the act of obtaining personal information such as usernames, passwords and credit card details via electronic communications such as emails, is one of the most prolific online fraud tactics developed over the past decade.

Fuelled by poor cybersecurity practices and a lack of built-in authentication, business email compromise scams have increased by 60% over the past year, with over 90% of organisations reporting some form of targeted email attack.

Yesterday, Agari published its Q1 2019 Email Fraud & Identity Deception Trends report, and noted a worrying increase in sophisticated phishing attempts.

The report found that the number of attacks is on the rise, with increasingly sophisticated cyberattacks combining “identity deception techniques with personalised, socially-engineered emails designed to throw recipients off-kilter” resulted in “rapidly-evolving, socially-engineered email threats that grow more dangerous by the day”.

The source of 96% of successful data breaches is  email, with lookalike domains and domain spoofing, display name deception in which the attacker uses the name of an individual or brand to make a fake email address, and compromised account attacks were the attacks of choice for many fraudsters.

With 23% of organisations suffering financial damage as a result of a breach and the the average loss being more than $1.6m, many are now increasing their efforts to protect employees and companies from potentially harmful attacks.

SOCs are inundated with reports of phishing

In response to the scale of the problem, many organisations are finally waking up to the importance of adequate training to prepare employees to spot a phishing attempt before it is too late, as well as ways for employees to easily report a phishing attempt.

Although this is undoubtedly a move in the right direction, many organisations do not yet have a system in place to adequately deal with the sheer volume of phishing attempts that occur almost daily.

This has resulted in a significant increase in the workload of those who work to protect a company’s cybersecurity. According to the report, the average security operations centre (SOC) needs 54 analysts to deal with the number of phishing incidents that occur. However, the average number of analysts in UK SOCs is just 12.

The bombardment of phishing attempts means that many SOCs are experiencing more attacks than they can handle, meaning serious breaches may not be investigated until it’s too late.

SOC analysts spend an average of 5.88 hours investigating and resolving phishing attempts, and with employees reporting more than 23,000 phishing incidents per organisation per year, with 55% being false positives, it is clear that there is a huge SOC skills gap.

Automation could be the answer

The report highlights that some aspects of the process of “triaging, investigating, and remediating” phishing incidents is an area that could therefore be automated. Although some aspects of the process require the human judgement only possible by a trained analyst, Gartner Research VP and analyst Anton Chuvakin explains that some of the more repetitive elements could be automated:

“Many organisations’ security operations teams report that their work around investigating suspected phishing emails is heavily repetitive and requires many meticulous steps, such as checking multiple blacklists and different IT systems within the company.”

The triage process usually involves investigating the sender domain and address, URLs and attachment to find out whether the message is potentially malicious, and can be time-consuming. However, by using machine learning algorithms to spot patterns in phishing attempts, this process can be sped up.

According to Agari’s report,  businesses felt they could reduce breach risk by 50% by automating the process of phishing incident response. This could result in a $551,025 reduction in the cost of investigating breaches every year for the average business.

Crane Hassold, director of threat research at Agari’s cyber intelligence division believes that automation is one way of solving staff shortages:

“Employees are getting wise to phishing attempts they are getting really good at reporting suspected attacks to their security teams. While this is an encouraging trend, it means that understaffed Security Operations Centers are spending more than half of their time on investigating false positives. With the average UK organisation facing a security analyst staffing deficit of 42, this means overstretched staff potentially missing the real threats. The answer isn’t simply hiring more analysts. This is massively expensive, and there is simply not the talent available. However, tools do exist that can reduce the time spent by analysts, and provide them with insight into emerging threats.”

Verdict deals analysis methodology

This analysis considers only announced and completed cloud-deals deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: ,