Intelligent CISO Issue 72 | Page 63

BUSINESS surveillance

THE IMPORTANCE OF NUDGE THEORY IN EMAIL SECURITY

Robin Bell, CISO at Egress, provides insight into the essential components of robust email security strategies.

It's estimated that individuals make 35,000 decisions every day according to psychologists, or one decision every two seconds. That's not to say that each decision has a big impact; most are small and often instinctive, like taking a sip of coffee, turning the work laptop on, or clicking a hyperlink in a seemingly normal email.

Email really is the backbone of business communication and an instinctive tool for all employees. Despite COVID-19 driving the adoption of messaging apps and video conferencing, four out of five employees say email is their preferred way to communicate, but ease of use comes with risk.

Phishing attacks are increasingly sophisticated, and although they're not necessarily more prevalent, these advanced threats are getting through traditional defenses, so it feels like the overall volume has increased.

So, how do you tackle advanced cyberattacks whilst reducing friction and maintaining (or improving) productivity?

The impact of heuristics on email security

Heuristics are rules of thumb or mental shortcuts which help simplify decision-making. Several are known to influence email security:

• Authority Bias – Believing the information has been fully verified by an organisation or individual with formal authority.
• Availability – Assessing how likely an event is to occur, or how often it occurs, based on how easily the event can be recalled.
• Halo Effect – A quick judgement, usually based on a recent experience, a single characteristic or a first impression.
• Hyperbolic Discounting – Choosing immediate rewards over future gratification.
• Representativeness – Judging how likely it is that something belongs to a category based on its similarities with existing members of that category.

It's well known that cybercriminals exploit heuristics, especially in phishing attacks, relying on a slip-up by an unsuspecting employee. Authority bias is essential to CEO fraud, hyperbolic discounting to fraudulent flash discounts with tight timeframes, and the halo effect to brand impersonations that build on previously legitimate correspondence.

Outbound data loss via email also often involves heuristics. The sender may assume they won't make an error when sharing sensitive information because they never have before.

Applying nudge theory

Nudge theory focuses on shaping the environment to promote certain outcomes by influencing decision making. In email security, nudge theory can have multiple applications, combining