Important: False Positives & False Negatives in Phishing Defense

Warnings serve a vital purpose in our world. They help us stay alert, safe, and protect the things and people that matter most. But what happens when warnings don’t work as intended? This could be false warnings (false positives) about a non-existent threat, as with the boy who cried wolf, or it could be a lack of warning about real threats that go unrecognized (false negatives). When it comes to depending on a phishing defense to protect your business, correctly identifying real risks and issuing accurate warnings is of the utmost importance.

The image that comes to mind is a scene from the classic movie Jaws: The beaches of Amity Island have reopened (against the warning of the local police chief) in time for the July 4th holiday after a few people have been killed by a shark. Mass panic ensues from a false threat when some local kids build a fake dorsal fin, don snorkeling gear, and pretend to be the shark that was thought to be stalking the area. Only minutes later, a woman calls out a real warning after seeing Jaws himself—but she is ignored by virtually everyone because of the previous ruse. A man in a small dinghy ends up being eaten as a result.

This same anecdote applies to cybersecurity and phishing defense for business email compromise (BEC). When a business has phishing email protection in place, it needs to be sure that the protection is effective.

IDing a False Positive vs True Negative in Phishing Defense

In cybersecurity, as in other fields that work with large datasets (data science, machine learning, artificial intelligence), every verdict a model gives falls into one of four outcomes: true positive, true negative, false positive, or false negative. These are the outcomes of a model correctly or incorrectly predicting the positive or negative class of a message. Reducing false positives and false negatives to the maximum degree possible is vital to effective cybersecurity.

When a Phishing Defense Identifies True Positives and True Negatives

True positives and true negatives are, of course, good for your business. The former are actual phish that are accurately being tagged and caught; the latter are safe emails that aren’t being flagged unnecessarily and sending false warnings. The majority of your email will be negative for phishing.

When a phishing defense is accurate and correctly distinguishes phishing emails from safe communications, everyone (except the hacker) wins.

The Dangers of False Positives

If you implement a phishing defense mechanism that issues a high number of false positives, incorrectly identifying safe emails as phishing emails, your employees will begin to not take the warnings seriously and will end up ignoring the phishing alerts (that didn’t work out well for the man in the dinghy).

Too many false positives are bad for a warning system because they generate “white noise.” A perfect example of this (beyond the classic tale of the Boy Who Cried Wolf) is the situation that doctors and nurses face in hospitals when too many machines are continuously sounding alarms (commonly known as alert fatigue or alarm fatigue).

The Dangers of False Negatives

The opposite of a false positive, the false negative, is the most insidious outcome and can have a significant impact on your business. False negatives are phish that slip through the net and only get reported or discovered after the fact. This means that if you’re using an inadequate phishing defense system that doesn’t classify a real threat as dangerous, your business and all of its valuable data:

  • Will be vulnerable to a data breach,
  • Will be perceived as breaking the trust of your customers,
  • Will suffer a powerful blow to your brand image, and
  • Will likely be subject to lawsuits from customers whose personally identifiable information (PII) or financial data may be stolen.

False negatives fall into the category of “unknown unknowns” — or threats we don’t know that we don’t know. Blind spots in your phishing defense could jeopardize your email systems and leave you open to phishing attacks.
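To put numbers on the two failure modes described above, the following added example (not part of the original post and not any vendor's code) tallies the four outcomes for a mailbox and derives the rates that matter for alert fatigue and missed phish. The mailbox of 10,000 messages, its counts, and the function names are constructed assumptions for illustration.

```python
from collections import Counter

# Map (is_phish, flagged) to the outcome names used in the article.
OUTCOMES = {
    (True, True): "TP",    # phish, warned about
    (False, False): "TN",  # safe mail, left alone
    (False, True): "FP",   # safe mail, warned about (alert fatigue)
    (True, False): "FN",   # phish, delivered with no warning
}

def tally(messages):
    """Count the four outcomes from (is_phish, flagged) pairs."""
    counts = Counter({name: 0 for name in OUTCOMES.values()})
    counts.update(OUTCOMES[m] for m in messages)
    return counts

def summarize(c):
    """Derive the rates a defender should track from the raw counts."""
    flagged = c["TP"] + c["FP"]
    phish = c["TP"] + c["FN"]
    safe = c["FP"] + c["TN"]
    return {
        # Share of warnings that point at a real phish.
        "precision": c["TP"] / flagged if flagged else 0.0,
        # Share of real phish that triggered a warning.
        "recall": c["TP"] / phish if phish else 0.0,
        # Share of safe mail that was wrongly flagged.
        "false_positive_rate": c["FP"] / safe if safe else 0.0,
        # Phish that reached an inbox unmarked.
        "missed_phish": c["FN"],
    }

def sample_mailbox():
    """Constructed sample: 10,000 messages, of which 100 are phish."""
    return ([(True, True)] * 95 + [(True, False)] * 5
            + [(False, True)] * 198 + [(False, False)] * 9702)

if __name__ == "__main__":
    counts = tally(sample_mailbox())
    print(dict(counts))
    for name, value in summarize(counts).items():
        print(f"{name}: {value:.3f}" if isinstance(value, float)
              else f"{name}: {value}")
```

With these constructed numbers, only 2% of safe mail is flagged, yet roughly two of every three warnings are false alarms because safe mail vastly outnumbers phish, and five phish still reach inboxes unmarked.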

A Phishing Defense Should Be Among Your Top Tech Decisions

Your phishing defense should be among your chief concerns when evaluating your company’s cybersecurity posture. Having a reliable and accurate phishing defense in place means your organization and data are well protected against real cybersecurity threats that come in the form of phishing emails. Drawing from our earlier Jaws example, this means that when danger is lurking in your company’s sea of emails, your employees will receive adequate warning for only the true threats and will be able to get out of the water before being eaten.

Clearedin is a non-intrusive phishing defense platform that integrates with Google Suite to guard against phishing scams. Our anti-phishing services are adept at identifying phishing emails by distinguishing true positives and true negatives from false positives and false negatives. They do this by using metadata (communications from your various email, collaboration, and chat platforms) to create an organizational trust graph that distinguishes potentially safe users from malicious ones. Dangerous emails are immediately labeled and locked to prevent your employees from engaging with them in any way, such as replying, forwarding, or clicking on links that exist in the email.

See what a best-in-class phishing defense can do for your business. Contact a Clearedin representative today to learn more!
