Research done by Intel revealed that an astonishing 97% of computer users cannot identify phishing emails. When the phishing attack comes from a trusted coworker, users are often defenseless on their own. Protecting against insider email threats presents a significant challenge for Security Operations (SecOps) teams. The increasing popularity of Microsoft Office 365 has deepened cyber vulnerability, due to the architectural limitations of traditional cloud email security gateway products. New solution approaches by Vade Secure provide more effective ways of countering the insider phishing threat in Office 365 and beyond, while offering a host of additional benefits.
The Insider Email Threat
Phishers know their audience—predatory emails tend to look like any other email a user might receive. As researchers at Carnegie Mellon University noted in a recent study, “Users who share similar interests belong to a specific user segment and are susceptible to a specific type of attack.” Thus, the web marketer will receive a phishing email offering an amazing deal on search engine optimization and the attorney will be tempted by an app that matches her with new clients. If the attacker is perceived to be a coworker or organizational superior, the risk is even greater. Behind the guise of a trusted source or a familiar subject, phishers lurk.
A vivid example of the danger of phishing attacks took place during a study at the US Military Academy in 2004. Five hundred cadets received an email from Colonel Robert Melville requesting that they click on a link. 80% of them did so, despite the fact that no one by the name of Robert Melville worked at the Academy and that the link was potentially dangerous. Trained to obey orders, the cadets dropped their guard and did what they had been instructed to do. The episode demonstrated how vulnerable even a disciplined organization can be to social engineering attacks.
Insider threats are an unfortunate reality in today’s workplace. Though relatively rare, they can be quite damaging. Insider attacks take many different forms—rogue employees may access unauthorized data or improperly override security controls for personal financial gain. Luckily, when attacks come from the inside, there are HR policies and laws that protect the organization. This is not the case when external hackers pretend to be insider employees.
Faux insiders can wreak havoc and cause financial losses, and they are, overall, a more complex threat to counter. For example, in a CEO fraud, an attacker posing as a senior executive commands an underling to execute a bank transfer to a “vendor” on a rushed basis. Such was the case at a startup in the UK, where a hacker pretending to be the firm’s CEO was able to direct £16,000 to an offshore bank account controlled by criminals.
The Office 365 Vulnerability
Imagine that a user’s Office 365 account is compromised, perhaps by way of a convincing but fake Microsoft Login web page. The risks are severe in this scenario. With an actual Office 365 credential in hand, the attacker can take over the user’s email account and send emails to “colleagues” that look 100% authentic… because they are. He or she can send attack emails from a real account. They are legitimate emails from one coworker to another on the actual email system.
The Microsoft vulnerability is manifesting itself in a striking set of statistics. Our research shows that fake Microsoft sites comprised the #1 phishing URL hit in the second quarter of 2018. That’s more than PayPal! Indeed, Microsoft-based phishing attacks have more than quadrupled since the start of the year.
The Solution for Insider Email Threats
Vade Secure has developed an anti-phishing solution that mitigates the insider email threat by working from the inside of Office 365. Thanks to its full API integration, Vade Secure for Office 365 does not disrupt the email flow. Rather, it receives a copy of each message (either incoming or internal) through the journaling process in Office 365. Vade Secure then analyzes the email and leverages the Office 365 API to take action on the original message on its way to the user’s inbox. This process allows for the scanning of internal emails, thus adding further protection.
Vade Secure leverages the native Office 365 interface and folders, so it requires no separate quarantine. Moreover, the solution layers with EOP for additional security. From this inside position, the Vade solution is able to apply all of the machine learning and heuristic analysis it uses to flag phishing emails before they arrive in the target’s inbox.