Sebastien Goutal, Chief Science Officer, Vade: What Makes Spear-Phishing Dangerous

Vade, a global leader in predictive email defense with one billion protected mailboxes worldwide, recently announced that it has been granted three U.S. patents related to novel text data augmentation techniques that improve the accuracy of business email compromise (BEC) detection for their MSP customers and Vade for M365 end users.


We spoke with Sebastien Goutal, Chief Science Officer, Vade to discuss what makes spear-phishing so dangerous and the company's new patents.


What makes spear-phishing such a cybersecurity concern?


Spear phishing is such a cybersecurity concern for two reasons. First it can be very damaging. According to IC3 report, the adjusted total loss due to Business Email Compromise/Email Account Compromise in 2020 is $1.8 billion, with 19,369 complaints – which means that the average loss is $92,932. Secondly, detecting a spear phishing is like finding a needle in a haystack: the attack is very rare, targeted and does not include any obvious payload – such as a phishing URL or a malicious file. An additional difficulty is that trying to detect spear phishing may lead to false alarms which can impact negatively the user experience.


Talk to us about the latest patents from Vade. Why are they special?


These patents are special because they secure our technology that helps to detect spear phishing/BEC with unprecedented accuracy. As spear phishing/BEC samples are very difficult to collect, the help of additional synthetic data to train and test our threat detection models is key.

What are some best practices for organizations looking to defend against spear phishing?


Do not rely only on technology to protect the organization. Employees have to play an active role in the defense of the organization. As such, it is important to evaluate and train members of the organization on a regular basis – in particular those who may be more exposed as they have a particular role within the organization – such as access to bank accounts and confidential information.


###