WEBVTT

1
00:00:00.000 --> 00:00:01.830
Michael Novinson: Hello, this is Michael Novinson with

2
00:00:01.860 --> 00:00:04.830
Information Security Media Group. I'm joined today by

3
00:00:04.830 --> 00:00:08.010
Amelia Paro. She is the director of channel development for

4
00:00:08.010 --> 00:00:10.560
Graphus. Good morning, Amelia, how are you?

5
00:00:10.680 --> 00:00:12.450
Amelia Paro: I'm doing well. Thanks for having me.

6
00:00:12.600 --> 00:00:15.300
Michael Novinson: Thank you for coming by. I want to do a deep

7
00:00:15.300 --> 00:00:18.600
dive today on phishing and advanced email security. To

8
00:00:18.600 --> 00:00:21.300
start with, I'd love to get your perspective on why phishing is

9
00:00:21.300 --> 00:00:22.950
such a big threat for businesses?

10
00:00:22.000 --> 00:00:22.840
Amelia Paro: That's a great question. So a couple of main

11
00:00:22.840 --> 00:00:24.580
reasons why it's such a huge threat - now more than ever.

12
00:00:24.580 --> 00:00:25.930
COVID changed a lot of things for a lot of businesses and when

13
00:00:25.930 --> 00:00:32.950
the workforce went remote, it opened up more opportunity for

14
00:00:32.980 --> 00:00:36.340
cybercriminals to leverage email and digital attacks. The sheer

15
00:00:36.490 --> 00:00:43.960
volume of emails that is handled on a daily basis - sent/received

16
00:00:44.080 --> 00:00:59.440
- has exploded as well. We've seen a 74% increase in just the

17
00:00:59.440 --> 00:01:04.390
sheer numbers of emails being handled by employees and by

18
00:01:04.390 --> 00:01:09.610
individuals. And the line between personal and work has

19
00:01:09.610 --> 00:01:16.870
also blurred too. We are using mobile devices more than desktop

20
00:01:16.900 --> 00:01:25.270
computers.
And so if you think about end users, employees,

21
00:01:26.110 --> 00:01:29.500
sitting in bed in the middle of the night checking email,

22
00:01:29.500 --> 00:01:33.010
scrolling through, it gets really hard to tell what's real

23
00:01:33.010 --> 00:01:36.430
and what's not. And also distraction. So there's a lot of

24
00:01:36.430 --> 00:01:41.830
different things that have really come to light since

25
00:01:41.830 --> 00:01:48.910
COVID. But COVID was really the catalyst that got all this. This

26
00:01:48.910 --> 00:01:52.270
started and got the ball rolling. So, number of emails,

27
00:01:52.270 --> 00:01:56.920
the sheer volume and on the cybercriminal side, phishing is

28
00:01:57.100 --> 00:02:01.000
their number one attack vector of choice, because it's easy,

29
00:02:01.240 --> 00:02:08.080
right? It's easy to deploy, they can do spray and pray where they

30
00:02:08.080 --> 00:02:12.400
can send out many, many, many hundreds of thousands of emails,

31
00:02:12.400 --> 00:02:17.200
and all they need is one person - one person at an organization

32
00:02:17.200 --> 00:02:23.500
to be distracted or not have enough education, or just be

33
00:02:23.500 --> 00:02:26.590
unaware, whatever the reason. All it takes is one.

34
00:02:27.830 --> 00:02:29.420
Michael Novinson: Very interesting! Let's double click

35
00:02:29.420 --> 00:02:33.110
here on the COVID-19 piece, and I'd love to get a little bit

36
00:02:33.110 --> 00:02:35.720
more color for you around what impact the pandemic has had on

37
00:02:35.720 --> 00:02:37.070
the phishing threat landscape?

38
00:02:37.050 --> 00:02:41.366
Amelia Paro: When everybody went remote and virtual, IT teams,

39
00:02:41.456 --> 00:02:46.581
businesses weren't really prepared for that, for the most

40
00:02:46.671 --> 00:02:52.156
part. And as I mentioned in my response to the last question,

41
00:02:52.246 --> 00:02:57.731
the lines between personal and work have blurred.
And we were

42
00:02:57.821 --> 00:03:03.396
all stuck at home. And so you've got the dogs barking, and the

43
00:03:03.486 --> 00:03:08.881
kids screaming, and the spouse trying to talk to you. And so

44
00:03:08.971 --> 00:03:14.097
distraction was one of the number one reasons that people

45
00:03:14.186 --> 00:03:19.492
cited for falling for a phishing email. And phishing emails

46
00:03:19.582 --> 00:03:24.347
nowadays are way more sophisticated than they used to

47
00:03:24.437 --> 00:03:29.833
be. They're employing social engineering tactics, as well as

48
00:03:29.922 --> 00:03:35.498
the vast network of resources that is available, the cybercrime

49
00:03:35.587 --> 00:03:41.342
underground virtual market known as the dark web. Anyone can buy

50
00:03:41.432 --> 00:03:46.468
on the dark web, a highly sophisticated DIY done for you

51
00:03:46.558 --> 00:03:51.773
phishing kit that's literally plug and play. And so anyone

52
00:03:51.863 --> 00:03:57.078
with even mediocre technical aptitude, if they know how to

53
00:03:57.168 --> 00:04:02.294
get out on the dark web and where to go to purchase these

54
00:04:02.384 --> 00:04:07.329
things, they can leverage sophisticated attacks against

55
00:04:07.419 --> 00:04:12.814
organizations. So couple of things went into play - just the

56
00:04:12.904 --> 00:04:18.479
change in the environment and the work environment and all the

57
00:04:18.569 --> 00:04:23.605
distractions and also the availability of these types of

58
00:04:23.695 --> 00:04:29.450
attacks, and that they're the favorite method of cybercriminals.

59
00:04:31.280 --> 00:04:34.520
Michael Novinson: So, I know you'd mentioned the phishing

60
00:04:34.520 --> 00:04:36.860
kits. What are some of the other ways the sophistication of

61
00:04:36.860 --> 00:04:39.470
phishing attacks has changed in recent years?

62
00:04:40.920 --> 00:04:45.330
Amelia Paro: So we've seen a lot more account takeovers, now

63
00:04:45.330 --> 00:04:49.170
these are going to be attacks that are coming from a trusted

64
00:04:49.170 --> 00:04:55.350
source. So historically, your standard email gateway, which is

65
00:04:55.350 --> 00:05:00.420
what most spam filters, most email security historically,

66
00:05:00.930 --> 00:05:03.600
that's the technology that they have employed. Now, your

67
00:05:03.600 --> 00:05:08.580
standard email gateway is only going to catch known threats. We

68
00:05:08.580 --> 00:05:12.480
all are aware of the Nigerian prince scam, right? We kind of

69
00:05:12.540 --> 00:05:16.020
use it as a joke now, right? Somebody will get an email, it

70
00:05:16.020 --> 00:05:18.960
says, "Oh, I'm a Nigerian prince and I want to send you $3

71
00:05:18.960 --> 00:05:23.220
million. I just don't know your address and phone number, but

72
00:05:24.060 --> 00:05:26.310
it's gonna cost a little bit of money in order for me to send

73
00:05:26.310 --> 00:05:29.340
you your million of dollars," whatever it is, right? But the

74
00:05:29.340 --> 00:05:33.150
wording, the syntax was awful. And there was no punctuation.

75
00:05:33.150 --> 00:05:37.920
And I mean, it was just it was obviously a phishing email. And

76
00:05:39.660 --> 00:05:45.690
the known threats, like links in emails are generally known to

77
00:05:47.580 --> 00:05:52.110
take you to a, like a website that has malicious payload in

78
00:05:52.110 --> 00:05:55.740
it, or an attachment, right. And then the goal is you open the

79
00:05:55.740 --> 00:05:58.230
attachment, and it's going to automatically download a

80
00:05:58.230 --> 00:06:01.680
malicious payload. So those are known email threats.
Well,

81
00:06:01.680 --> 00:06:04.890
nowadays, you've got very sophisticated email threats that

82
00:06:04.890 --> 00:06:08.880
include account takeover, which you're, for example, a CEO of a

83
00:06:08.880 --> 00:06:13.920
company. His email account is compromised and taken over. So

84
00:06:13.920 --> 00:06:18.390
then when an email goes out to the entire company from the CEO,

85
00:06:18.390 --> 00:06:22.770
it's his email, your standard email security tools are not

86
00:06:22.770 --> 00:06:25.740
going to catch that. It's coming from a trusted source, right?

87
00:06:25.740 --> 00:06:29.040
There's no hyperlinks in it, there's no attachments. It just

88
00:06:29.040 --> 00:06:37.350
says, "Hey, I need you all to buy some gift cards." And then

89
00:06:37.350 --> 00:06:41.790
there's the zero day attacks, which again, goes back to the

90
00:06:41.790 --> 00:06:44.880
level of sophistication and threat actors are constantly

91
00:06:45.270 --> 00:06:49.620
upping their game, evolving their tactics to avoid

92
00:06:49.620 --> 00:06:54.870
detection. So makes it harder for seasoned professionals,

93
00:06:55.020 --> 00:07:00.000
those in cybersecurity, and the tools that we use to help us

94
00:07:00.000 --> 00:07:03.660
combat against this threat or to catch those types of threats. So

95
00:07:03.660 --> 00:07:09.600
that's where advanced technology, like advanced email

96
00:07:09.600 --> 00:07:15.750
security tools that use machine learning, that use advanced

97
00:07:15.750 --> 00:07:22.080
technology like AI to help combat against those advanced

98
00:07:22.170 --> 00:07:23.280
phishing attacks.

99
00:07:24.090 --> 00:07:27.180
Michael Novinson: Let's turn our attention to that and the use of

100
00:07:27.210 --> 00:07:31.050
AI and ML in advanced email security, specifically in terms

101
00:07:31.050 --> 00:07:33.960
of AI. How can that help with the investigation process?

102
00:07:34.170 --> 00:07:36.330
Amelia Paro: So it helps in a couple of ways.
So first and

103
00:07:36.330 --> 00:07:41.100
foremost, it's automating things, and doing them quicker

104
00:07:41.130 --> 00:07:47.580
than humans have the time, the bandwidth to do. For example,

105
00:07:49.440 --> 00:07:55.710
one of the components of Graphus, our email security tool, what

106
00:07:55.710 --> 00:08:03.090
the AI does is it uses the speed of machine to analyze over 50

107
00:08:03.090 --> 00:08:06.600
different components of the communication habits, styles and

108
00:08:06.600 --> 00:08:12.270
patterns of the employees, the end users, the way they

109
00:08:12.270 --> 00:08:15.510
communicate, with whom they communicate, the times that they

110
00:08:15.510 --> 00:08:19.530
communicate, what devices they normally communicate from, where

111
00:08:19.530 --> 00:08:25.860
geographically they communicate from, and it's doing all of this

112
00:08:25.860 --> 00:08:30.690
work in the background, very quickly, way more infinitely

113
00:08:30.690 --> 00:08:35.190
more quickly than a human would be able to do. And so it's

114
00:08:35.310 --> 00:08:39.000
taking all of that information, it's assimilating it into what

115
00:08:39.000 --> 00:08:43.650
we call a trusted communication profile. Now, it's a baseline,

116
00:08:43.860 --> 00:08:49.320
the tool allows the employees to contribute to the learning the

117
00:08:49.410 --> 00:08:55.170
trusted profile, as the interactions with it continue.

118
00:08:55.800 --> 00:08:59.220
But if you just think about the sheer volume of work that the AI

119
00:08:59.220 --> 00:09:04.860
has now been able to accomplish in literally in minutes. I think

120
00:09:04.860 --> 00:09:11.130
that is in my opinion, one of the ways where AI really is a

121
00:09:11.130 --> 00:09:14.340
critical component in the fight against advanced phishing

122
00:09:14.000 --> 00:09:17.510
Michael Novinson: I know you talked some about the benefits

123
00:09:14.340 --> 00:09:14.940
emails.

124
00:09:17.510 --> 00:09:21.620
of AI-specific automation. Also wanted to get into how AI can be

125
00:09:21.620 --> 00:09:25.040
used to reduce the workload for IT security teams. Can you give

126
00:09:25.040 --> 00:09:26.360
me a little bit more color around that?

127
00:09:26.360 --> 00:09:31.220
Amelia Paro: Absolutely. So I talked about how the AI creates

128
00:09:31.220 --> 00:09:35.660
this trusted profile and allows the end users to contribute to

129
00:09:35.660 --> 00:09:38.510
the learning. So there's a couple of ways that it does

130
00:09:38.510 --> 00:09:44.450
that. The employees will interact with the email when a

131
00:09:44.450 --> 00:09:48.170
warning banner is attached to an email with the tool. Things

132
00:09:48.170 --> 00:09:54.290
might be suspicious for various reasons. And if it gives the

133
00:09:54.290 --> 00:09:58.130
employee the ability to respond and say "yes, this is a phishing

134
00:09:58.130 --> 00:10:02.090
email," click or "no this is safe" click now. Either one of

135
00:10:02.090 --> 00:10:06.080
those responses will teach the tool, right? "Yes, it's safe" -

136
00:10:06.110 --> 00:10:10.640
It adds that communication to the trusted profile. "No,

137
00:10:10.640 --> 00:10:13.730
it's not safe" - Now, this is where the automation helps

138
00:10:13.730 --> 00:10:17.720
reduce the workload. So if it is marked as phishing, the tool

139
00:10:17.750 --> 00:10:22.370
will automatically pull that phishing email from any other

140
00:10:22.370 --> 00:10:25.670
inbox that may have reached automatically, immediately,

141
00:10:25.670 --> 00:10:32.300
regardless of where that inbox geographically is located.
So in

142
00:10:32.300 --> 00:10:40.070
thinking about how, historically IT teams, technology teams, when

143
00:10:41.120 --> 00:10:45.770
they have to respond to a lot of false positives, investigations,

144
00:10:45.770 --> 00:10:48.500
they're spending time figuring out "okay, is this a real

145
00:10:48.500 --> 00:10:52.670
phishing threat? Is it not?" And if it is a real phishing email,

146
00:10:52.910 --> 00:10:56.450
who else in the entire organization may have opened it?

147
00:10:56.540 --> 00:11:01.430
They have clicked on a link. If there's no link, there's no

148
00:11:01.430 --> 00:11:05.420
attachment, or done what was requested in that phishing email

149
00:11:05.420 --> 00:11:11.000
- went out and bought gift cards or change the direct deposit

150
00:11:11.000 --> 00:11:17.150
location of an invoice payments, right? These types of things a

151
00:11:17.150 --> 00:11:22.790
normal SEG wouldn't pick up. So as the tool gets smarter, it's

152
00:11:22.790 --> 00:11:28.130
going to reduce the amount of time that teams are spending

153
00:11:28.160 --> 00:11:34.610
investigating, following up, hunting down, releasing false

154
00:11:34.610 --> 00:11:39.290
positives. And as the longer you use it, the smarter it gets. So

155
00:11:39.290 --> 00:11:42.590
the amount of time that teams will be spending is generally

156
00:11:42.590 --> 00:11:43.250
minimized.

157
00:11:44.380 --> 00:11:46.540
Michael Novinson: Let's talk to you about Graphus specifically.

158
00:11:46.690 --> 00:11:49.570
When you gaze into the crystal ball, what do you feel customers

159
00:11:49.570 --> 00:11:52.060
and prospects should be watching for from the company as we head

160
00:11:52.060 --> 00:11:53.050
into 2023?

161
00:11:53.360 --> 00:11:55.820
Amelia Paro: It's a great question. So we are focusing

162
00:11:55.850 --> 00:12:02.360
more on increased automation and also smart integrations with

163
00:12:02.390 --> 00:12:09.830
other tools that IT teams use regularly.
Best of breed tools

164
00:12:09.860 --> 00:12:13.670
that provide different functions, but can work together

165
00:12:13.670 --> 00:12:21.830
with Graphus. For example, a ticketing system, or a remote

166
00:12:21.830 --> 00:12:27.890
management system, or a documentation

167
00:12:27.950 --> 00:12:32.030
network/documentation tool. So taking the like the ticketing

168
00:12:32.030 --> 00:12:35.600
system specifically, right? So ticketing system would be if an

169
00:12:35.600 --> 00:12:41.390
end user needs IT support. They would send an email to IT

170
00:12:41.390 --> 00:12:46.010
support @company.com and that gets logged into the ticketing

171
00:12:46.010 --> 00:12:49.640
system of the IT team on the backend. Now, with an

172
00:12:49.640 --> 00:12:54.080
integration with Graphus, as soon as Graphus identifies a

173
00:12:54.080 --> 00:12:57.650
phishing threat, it will connect to the ticketing system,

174
00:12:57.830 --> 00:13:02.270
it will create a ticket immediately include all the

175
00:13:02.270 --> 00:13:08.060
phishing email details that the tool has identified. And

176
00:13:08.120 --> 00:13:13.400
allowing teams to not only document what they've done to

177
00:13:13.400 --> 00:13:19.310
resolve it, but creating a cohesiveness and letting them

178
00:13:19.310 --> 00:13:20.060
solve it quicker.

179
00:13:21.140 --> 00:13:23.030
Michael Novinson: Interesting stuff. Amelia, thank you so much

180
00:13:23.120 --> 00:13:23.690
for the time.

181
00:13:23.720 --> 00:13:25.190
Amelia Paro: You're very welcome. It was my pleasure.

182
00:13:25.190 --> 00:13:25.970
Thanks for having me.

183
00:13:26.090 --> 00:13:28.400
Michael Novinson: Of course. We've been speaking with Amelia

184
00:13:28.400 --> 00:13:32.030
Paro. She is director of channel development for Graphus. For

185
00:13:32.030 --> 00:13:34.940
Information Security Media Group. This is Michael Novinson.

186
00:13:35.210 --> 00:13:35.990
Have a nice day.