π Phishomatixπ‘
In the ever-evolving digital communications landscape, navigating through our inboxes can sometimes feel like threading the eye of a needle, especially with the relentless threat of Phishing, which fatigued, information-overloaded people know exists but does not go away. In this digital age, Phishing continues to be a preferred vector for unauthorised access to sensitive data and financial assets. It exploits a range of human vulnerabilities to be successful.
Perplexity AI helped me find the following statistics about Phishing:
In 2022, there were more than 4.7 million phishing attacks reported globally, with 1.35 million in Q4 alone, 1
In the US alone, there were 300,497 phishing victims reported in 2022, with a total loss of $52,089,159 2
Phishing was the second most common cause of breaches at 16%, costing $4.91m 3
According to a report by security company Egress, 92% of organisations worldwide fell victim to phishing attacks in 2022, accounting for the 29% increase in phishing incidents from 2021 4
In 2021, employees received an average of 14 malicious emails per year, with some industries hit particularly hard by 5
According to Verizon's 2022 report, 36% of all data breaches involved phishing 6
The challenge? To address the issue of emails bypassing technological defences and landing in an inbox, where they may be acted upon by humans who might be distracted, multitasking, or simply not fully considering the implications of their actions.
π Phishomatix: A Guardian Angel for Your Inbox π
Phishomatix is an innovative email co-pilot that empowers users to make well-informed decisions about how to deal with the content of their emails. Collaborating with your mail client provides real-time information to help users deal with those 14 malicious emails that the mail scrubber may not have flagged as Phishing but should have done.
Busy users miss the Phishing cues because distractions, urgency, trusting others, and higher personal risk thresholds lead to lapses in judgment and human error. Social unrest or upheaval situations can also create conditions where people fall more for Phishing.
Phishomatix recognises that filtering technologies, training, and awareness are a kind of Maginot Line. A fantastic defence line works well until the threat actors figure out ways to get around it, and once they do, the flood cannot be stopped except by other layers of defence.
Phishomatix's goal is to assist users in making better choices, particularly when they are not fully conscious of the risks associated with their inboxes. It is designed to intervene when needed and otherwise remain unobtrusive.
The use cases for Phishomatix are compelling:
For Users: Confidence and guidance in interacting with emails, allowing for informed decisions rather than dictated ones.
For Security Teams: Enabling smooth operations while ensuring protection and respecting users' autonomy.
For Business Owners: Unimpeded workflow with ensured data security, customised to align with organisational risk appetite.
βοΈ Real-Time Technology Risk Management π
The Phishomatix co-pilot solution is customisable to each organisation, accounting for unique risk thresholds and technical controls. It uses risk threshold data, knowledge of available technical controls, and real-time email examination capabilities to intervene when necessary and support users in making the right decision.
Consider two hypothetical organisations with different risk appetites but similar technical controls. One has a low-risk appetite and leans heavily on technical controls. With Phishomatix, as soon as an email's risk surpasses the low threshold, it alerts the user with relevant information, allowing them to make an informed decision. In contrast, an organisation with a higher risk appetite allows its users more freedom, banking on the robustness of its technical defences. Phishomatix adjusts accordingly, providing a safety net that aligns with the organisation's risk thresholds and technical controls.
βοΈ Real-Time Human Risk Management π
Phishing is a people problem as much as it is a technical problem. Phishomatix considers the profile of the users too. Assuming users are willing to sacrifice some privacy, it will connect to training systems and check on phishing training results, remember their previous poor decisions, recognise the user is multitasking, and consider any other parameters, like demographics or number of hours worked in a day, that may indicate a susceptibility to Phishing. Phishomatix could even target groups of users most affected by Phishing and step up the posture where needed. Finally, Phishomatix could use threat intelligence to note situations in the world, which led to changes in Phishing, like the increased use of courier services during the COVID-19 pandemic, which led to an increase in courier-inspired phishing attacks.
π Adaptable and Dynamic β‘
Phishomatix allows users and organisations to calibrate the rules according to their needs. They can decide their reliance on technical defences and the effectiveness of their user training. Additionally, they can monitor outcomes, adjust risk ratings, and use the data they gather from Phishomatix to determine the best course of action: do nothing, a technical solution, a solution that changes behaviour, or some combination of options.
π Towards a Safer Email Environment ποΈ
Although no solution is foolproof, Phishomatix represents a significant step towards reducing the risk of Phishing. It aims to provide users with helpful information to make informed decisions and lower the chances of successful Phishing. Phishomatix aims to create safer digital spaces, allowing users to manage their emails and perform their duties confidently, knowing they're not alone in the fight against cyber threats.
A passwordless future may reduce Phishing attacks aimed at credential theft. But until that future arrives, Phishomatix can substantially improve inbox safety, allowing businesses to continue their work without the constant threat of phishing attempts. Removing passwords won't prevent users from giving away credit card details or handing over sensitive information, but it may make Phishing less attractive to some threat actors. Of course, threat actors may look for, and no doubt will find, other ways to hack people as they interact with technology.
π Notes β‘
The ideas and concepts discussed in this article are theoretical and meant to stimulate thought. They may or may not work in practice. There are several legal and compliance concerns to consider, and technically, many integrations to email clients and operating systems are needed for it to work effectively. Issues of liability, should it not work, need consideration. Always consult with professionals before implementing any new security measures. Phishomatix is not a product but a conceptual tool illustrating how adaptive phishing defences could look. This work is my own and is solely my viewpoint.
By: Jonathan Gill
Date: 16 August 2023
Β