Default Security Isn’t Enough to Stop Business Email Compromise Attacks
How to protect Microsoft Office 365 against B.E.C.
New York City, N.Y. – Dec. 23, 2020
It’s become beyond clear: Default security is not enough.
Gartner has often suggested that, for its customers, Microsoft EOP doesn’t hack it.
And they’ve noted that many clients have expressed dissatisfaction with Microsoft ATP (now renamed as Microsoft Defender for Office 365, or MSDO), which is something that analysts at Avanan, an email security company, have found as well.
The reasoning starts with business email compromise (BEC) scams. They’ve become the hackers’ new go-to attack. The stats are troubling.
The average BEC payment nearly doubled between the first and second quarter of 2020. It’s now at $80,183, on average. And the FBI has noted that, between 2014 and 2019, it saw claims of over $2.1 billion in losses from BECs. In a March report, Gartner found that BECs increased by nearly 100 percent in 2019, and it predicts that, through 2023, BEC attacks will continue to double each year, at a cost of over $5 billion to their victims.
Why are they so effective? They are incredibly hard to stop. As Gartner noted in an October 2020 article entitled, “Determine If Email Security in Office 365 Meets Your Organization’s Needs”:
“…due to the rise in business email compromises, account takeovers and other sophisticated attacks, many times some malicious emails are actually missed by MSDO, and in fact by any other email gateway solutions. Therefore, organizations should strongly consider integrating third-party solutions to strengthen their email security capabilities.”
BECs are hard to stop because you need internal context to know that one is occurring. Companies like Mimecast and Proofpoint are designed only to monitor inbound email, so they have no way of scanning internal email or understanding the context or conversational relationships within an organization. When a secure email gateway (SEG) sees an email from the ‘CEO’ to the ‘CFO’, it will be the very first time it has seen such a conversation.
Both Microsoft and Google have the internal access required to prevent BEC attacks and many of their anti-spoofing tools do a good job at blocking basic attacks. But the issue is that their infrastructure cannot perform the per-customer contextual analysis required for most BEC attacks. They work with far too many companies and customers to properly monitor all internal accounts and understand an organization’s relationship and reputation patterns.
In order to best guard against BEC attacks, your company needs all of the following protections:
- Machine learning algorithms combined with role-based, contextual analysis of previous conversations to identify threats that Google, Microsoft and external mail gateways miss,
- Analysis of one year’s email conversations to build a trusted reputation network,
- Scanning and quarantine of internal email and files in real-time, protecting against east-west attacks and insider threats,
- AI and machine learning techniques to rapidly adapt to new threats and behaviors,
- Account takeover protection beyond email: login events, configuration changes and end user activities throughout the suite.
BEC attacks are too dangerous and commonplace to leave to default security, or even ATP.
Instead, email security that has internal protection built in, as Avanan’s does, is necessary.
– Jeremy Fuchs is a marketing content manager with Avanan.
Avanan is a cloud email security platform that pioneered and patented a new approach to prevent sophisticated attacks. We use APIs to scan for phishing, malware, and data leakage in the line of communications traffic. This means we catch threats missed by Microsoft while adding a transparent layer of security for the entire suite and other collaboration tools like Slack.
Avanan catches the advanced attacks that evade default and advanced security tools. Its invisible, multi-layer security enables full-suite protection for cloud collaboration solutions such as Office 365™, G-Suite™, and Slack™. The platform deploys in one click via API to prevent Business Email Compromise and block phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for multiple tools to secure the entire cloud collaboration suite, with a patented solution that goes far beyond any other Cloud Email Security Supplement.