Why Do Phishing And Business Email Compromise Even Exist?

Because that’s where the money is.

Why do phishing and business email compromise even exist_.jpg

This episode of At The Edge is made possible by the generosity of our sponsor, Edgescan.

By Sean Martin

In today’s episode, I have the pleasure of speaking with Anand Raghavan, Co-founder & Chief Product Officer at Armorblox, and Chuck Drobny, President & CEO at GlobaLogix. Together, we dig in to two hot topics that seem to be a regular thorn in our InfoSec sides: phishing and business email compromise.

If someone is making money, there will always be someone out there to steal it from them.
— Chuck Drobny

We explore how the industry is leading us to overcome this challenge, beginning with user awareness training and IT security training, before taking a turn to the technology stack, user workflows, business automation and security management orchestration. Of course, it wouldn’t be a proper InfoSec conversation without a loop — so, rest assured, we do end up taking the conversation full circle back to the front of the lifecycle with a point that Chuck makes:

It’s OK to slow things down if it prevents bad mistakes from happening.
— Chuck Drobny

As noted by Anand, security practitioners are sitting on a mountain of logs facing a barrage of threats. To solve this problem, organizations are looking for talent (which is lacking), oftentimes in low-cost regions. Sure, the organization can find smart people who can do the job, but these professionals can really help solve bigger problems for the organization if their skills are applied appropriately.

We need a better security tech stack to help the humans succeed.
— Anand Raghavan

To this end, there are many tech options being pitched to the market: Anand and Chuck look at the role of centralized versus de-centralized protection, detection, and remediation — what’s available today and where things are headed (or where they should be headed). How does multi-factor authentication help in light of “bad security”? And how can we help each other solve these problems?

Look to ‘Second Colleague Authentication’ as a means to protect each other from scams.
— Sean Martin

Want some more quotes? Here are a couple more made by Anand and Chuck during our conversation:

Technology can not in itself make the problem go away — humans are part of the loop in the workforce.
— Anand Raghavan
Speed has to get tempered with a sense of security.
— Chuck Drobny

This is a fantastic conversation — listen in and enjoy.