Humans + Machines: The Best Defense Against Email Phishing Attacks



| 2017 Jun 20

According to Cybersecurity Ventures, global cybersecurity spending will exceed $1 trillion cumulatively over the next five years. With the massive number of cyber defenses, strategies and services available today, it begs the question – where should organizations really be focusing their cybersecurity budget to minimize risk and most effectively detect, prevent and mitigate cyberattacks?

Some organizations are choosing to invest heavily in employee awareness and training, believing the human layer is the first line of defense. Others are implementing next-gen cybersecurity technology to replace what they consider the weakest link, the human layer, making technology the first line of defense. But what most of the cybersecurity industry and many organizations don’t yet fully understand, is that to truly minimize the risk of email phishing attacks, machines and humans must work together – all of the time.


The Pitfalls of a Solitary Defense

A recent report from CEB Global, now part of Gartner, found employee mistakes, such as falling for phishing attacks, to be the main cause of half of all breaches. As a result, the research firm also reported that the average large company increased its spend on security awareness training  by 50 percent in just the last two years. While employee education and awareness is intended to prepare employees to identify any suspicious emails and report them to their security team, the training itself has traditionally focused on avoiding mistakes, not reporting them – giving the hacker free reign to continue spreading the attack to employees, customers and third-party vendors. Further, no matter how many training sessions an employee goes to, he or she is all but bound to open a bad email eventually. Because of the reliance on employees to report attacks, and the burden put on security teams to remediate them, organizations that rely on human intelligence and action alone are likely to remain a primary target for phishing attacks

On the other hand, some companies are beginning to replace the manual remediation process with automation. By using machine learning (ML), for example, security teams can continuously accumulate information about new attacks and automate responses to learned attacks. However, advanced technology like ML can create a false sense of security, where organizations mistakenly believe it to be an all-encompassing solution and not take any additional defense measures. According to Dante Disparte and Chris Furlow in Harvard Business Review, “Spending millions on security technology can certainly make an executive feel safe. But the major sources of cyber threats aren’t technological. They’re found in the human brain, in the form of curiosity, ignorance, apathy, and hubris.”

Simply put, choosing only one line of defense against phishing will leave organizations vulnerable to modern attacks. Employees are human, and it’s likely that one will click eventually from the hundreds of phishing emails sent each day and technology, while continuously advancing in intelligence, still requires a human touch. Therefore, companies must utilize both employee training and advanced technology to cover their bases and more effectively prevent successful phishing attacks.


IronSights: An Employee’s InMail Virtual Security Analyst

Recognizing the need for a solution that combines human intelligence with machine learning to most effectively combat modern day phishing attacks, IRONSCALES developed IronSights, the first and only solution to augment machine intelligence in real-time to combat impersonation and spoofing attempts such as CEO Fraud, aiding decisions and incentivizing users to report.

Using ML algorithms and deploying deep scans at the mailbox level, IronSights studies employee’s mailboxes to detect anomalies and communication habits based on sophisticated user behavioral analysis. All suspicious emails are visually flagged via the IronSights user control panel inside the Outlook or Google toolbar as soon the email hits the inbox. Once flagged, a quick button link enables users to report, initiating automated deep forensics followed by a company-wide mitigation response. Simultaneously, IronSights sends an instant notification to security teams and other integrated solutions, such as the SIEM. In doing so, IronSights essentially serves as a personal virtual security analyst for every single employee within an organization, significantly reducing the risk of human error in identifying malicious emails. With human intelligence and IronSights, organizations will have two layers of defense at the inbox level, ensuring unprecedented protection, enhanced decision making and immediate remediation.

Join our webinar, for more information: