Why contextual machine learning is the fix that zero-trust email security needs

Email data breaches are on the rise. Our recent research found that 93% of organizations have experienced an email data breach in the last 12 months, at an average rate of one incident every 12 working hours.

The vast majority of these incidents are caused by simple human error: misdirected emails, sending of wrong attachments, and incorrect use of the BCC function are the top three ways data breaches occur.

The risk is increasing, too. With organizations continuing to operate in a fully remote or hybrid model due to the COVID-19 pandemic, employees remain highly reliant on email as a way to share sensitive data. As a result, email volumes are surging. 94% of organizations have seen an increase since the pandemic began, and one out of two organizations have seen an increase of over 50%. With this comes a significant increase in the risk of a data breach caused by outbound email.

Within any organization there is an inevitable degree of human error – we’re only human, after all! Although security training can help mitigate some risk, mistakes will still be made, such as selecting the wrong recipient when using Outlook’s autocomplete feature or attaching the wrong file. In some cases, security training can even increase the risk of a breach, as some employees become overly confident in their security knowledge and become reckless when faced with an actual security threat (e.g., a phishing email).

Zero trust for better email security

Taking a zero-trust approach is often seen as a key principle for keeping data safe, as it acknowledges that everyone poses a risk to sensitive data, including insiders. When it comes to securing your outbound email, zero trust means authenticating both senders’ and recipients’ identities, determining them be known and trusted, and ensuring their behavior is in line with your security policy to prevent unauthorized disclosure of data.

However, zero-trust strategies in general tend to be difficult to implement retroactively and arguably need to be baked into a security strategy from day one of organizational operations. These policies can also be hard to manage across varied users and frequently aren’t able to scale. For outbound email in particular, static rules for verifying user behavior and recipient identity are simply unworkable.

These solutions cannot adequately understand user behavior, the sensitivity of content relative to the context in which it is being shared, and the pre-established relationships between users and recipients. They consequently become too rigid, often prompting users unnecessarily and leading to click fatigue, where prompts are eventually ignored because they negatively affect productivity.

Contextual machine learning

Intelligent email data loss prevention (DLP) delivered through contextual machine learning is able to deeply understand an individual user’s behavior and relationships, and proactively determine whether they are acting consistently with security policies.

For senders, this technology provides a safety net for inadvertent data loss. It acknowledges that authenticated users will still make mistakes but, because it’s based upon their behaviors and learns in real time, the technology won’t bombard them with unhelpful prompts. For administrators, it can flag intentionally risky or harmful behavior, blocking emails before they are sent and highlighting areas for urgent investigation to protect data.

Where message-level email encryption is applied, this technology can also use its intelligence to secure the recipient’s experience, creating or reducing friction in real time depending on the level of risk. For example, read-only access might be given to a recipient where there’s a high level of assurance over their identity and the data being shared is of lower sensitivity.

In cases where the recipient is determined to be high risk, for example the same known user now tries to access the email from an unknown IP address, the friction can be dynamically increased (e.g., by using two-factor authentication) to provide greater assurance over their identity.

Email will remain the go-to tool for business communications, particularly as organizations continue to support ongoing remote and flexible working. It will therefore continue to generate ongoing insider risk and security teams must accept that user behaviors will change and mistakes will happen. But with contextual machine learning, they can empower employees to work productively in the moment without compromising security.