Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Dave Baggett, CEO and Founder, Inky Technology Corporation
Robot Phish in a Sea of Email
Almost 300 billion emails are sent every day and this number
is steadily rising. Thankfully the days of the Nigerian Prince email scams are largely
behind us and not many people are fooled by the cheap parlor tricks of a lazy phishing
attempt, however in 2018, we at INKY see a future where the very defenses we
have employed for protection are likely to be intercepted by the criminal and
ultimately turned against us.
As the sophistication
of phishing attacks increases, the ability for even a trained user to
distinguish between a real and a fraudulent email is rapidly diminishing.
The same machine learning and artificial intelligence techniques
that protect our email today will inevitability be repurposed to do harm, the
future of email protection will be a virtual game of cat and phish, fought not
by your IT team but by smart adaptive algorithms - on both sides.
To protect the fidelity of email, phishing prevention
systems must adapt to identify and nullify zero-day attacks. The level of
sophistication in our defenses must be greater than the strength of the most
persistent phishing attacks.
The reliance on phishing aggregators will diminish with each
minute an active phishing attempt goes undetected, racking up the possibility
of millions in losses. According to the most recent APWG Phish
Activity Rends Report June 2018 a full 35% of phishing websites
employed https:\\ or had an active SSL certificate, we suspect that this is
just the beginning. The most effective phishing attacks are those that offer
the deepest layers of legitimacy and AI and Machine Learning offer the criminal
the ability to adapt in real-time to the actions of a potential victim or their
phishing defense software.
Many phishing attempts are socially engineered over weeks
and months, establishing and validating trust before the crime is committed. This
threat vertical often defeats the common Bayesian algorithms used to weigh the
statistical risk of a transiting email. Further threatening email fidelity and
compounding the challenge, are legacy phishing prevention applications that
advertise their existence to a potential cybercriminal, arming them with a blueprint
for an organization's defense before an attack has even begun.
While the phishing
attacks of the future will become more sophisticated, so must our defenses.
Employee
training will diminish as the frontline of organization defense. Phishing
aggregators will fall too far behind the tidal wave to be effective. And those phishing
defense platforms that remain to fill the space must come both armed and
adaptable. The only effective anti-phishing software will be one that grows,
learns, adapts, and can pivot -- not based on a fixed statistical model -- but
on a living adapting algorithm. Robot Phish vs. Robot Phish.
The phishing defenses of the future must do more than mimic
a human operator... they must surpass it. Email remains the most pervasive and
convenient form of business communication and as such, it remains the single
greatest security risk to any organization. The monetization of data necessitates
next-generation phishing platforms that can adapt and react and real-time.
Future threats require future solutions. At INKY we are determined
to stay generations ahead of the cybercriminal, maintaining trust in tomorrow's
internet means adapting to tomorrow's threats.
##
About the Author
Dave Baggett is CEO and Founder of Inky Technology
Corporation, a cloud-based email security platform designed to be more than
just artificially intelligent. Prior to
INKY Dave co-founded ITA Software, the travel search provider that was acquired
by Google in 2011 for $700M. Dave has a
B.S./B.A. in Computer Science and Linguistics from the University of Maryland,
College Park and a S.M. in Computer Science from MIT. He is a Trustee of the
University of Maryland College Park Foundation, and a Member of the UMCP
Computer, Math & Natural Sciences Board of Visitors and Chair of its Entrepreneurship
Task Force.