How Contextual Machine Learning Targets Human Error To Prevent Email-Based Data Breaches Posted on : Sep 24 - 2020

With a large percentage of the global workforce based remotely for the foreseeable future, more business than ever is being conducted over email. And while this modern convenience has been critical to the continued operation of many businesses in the current health crisis, it has also presented those businesses with new data security challenges.

The unfamiliar environment of remote work — not to mention its potential distractions, like children and pets — leaves employees more vulnerable to misdirected emails and other mistakes that can lead to accidental data breaches. Scams aimed at both individuals and organizations (even healthcare facilities on the front lines of the pandemic have not been immune to their efforts) have also risen, attempting to capitalize on the situation.

Accidental breaches are notoriously difficult to combat because they can be caused by something as simple as a typo in an email address. Human error is a part of life — something businesses must seemingly accept as inevitable. But the advent of today’s machine learning technology has changed that. When it comes to accidental data breaches and even social engineering scams, human error is no longer an acceptable or understandable cause — it is a preventable one.

Email Remains A Primary Vector For Both Accidental And Malicious Breaches

Those who don’t work in IT are often surprised to learn that email remains one of the most popular attack vectors for cybercriminals. Movies like Swordfish or Hackers tend to feature hoodie-wearing hackers furiously typing to stay ahead of any network defenses, but a real-life criminal is far more likely to simply capitalize on a user’s mistake. Misdirected emails, mistaken attachments and other email mistakes are extremely common. In fact, employees mistyping the name of a contact and sending information to the wrong person was one of last year’s leading breach drivers.

As if this type of mistake wasn’t common enough on its own, cybercriminals will often attempt to artificially induce them. Verizon’s 2020 Data Breach Investigations Report (DBIR) revealed that social engineering attacks are among the most common tactics used by cybercriminals. The report found that human-focused phishing scams remain a top social threat to businesses, involved in 32% of confirmed breaches, while “pretexting,” which involves criminals misrepresenting themselves or their intentions (often via email), is another top concern.

These incidents are built upon the simple premise that people make mistakes. If a scammer sends thousands of phishing emails, even a success rate of less than 1% could potentially prove lucrative, whether directly (through financial channels) or indirectly (through theft of personal or confidential information).

Given that IMB's Cost of a Data Breach Report indicates that the average incident costs more than $8 million in the US, putting a stop to these breaches — whether accidental or malicious in nature — is of paramount importance for businesses, many of which may not be able to absorb the cost of such an attack. But how does a business put a stop to everyday mistakes like misdirected emails or ensure that employees remain alert for spoofed email addresses? To many, it seems that a certain level of vulnerability to this sort of breach is unavoidable. View More