Today, nearly half of all business communication takes place in channels outside of email. Contextual Analysis can help security teams quickly identify and correlate risks across their entire communications environment, from collaboration platforms to email and even personal messaging apps.
Executive Summary
Today, nearly half of all business communication takes place in channels outside of email. These communications span enterprise channels like Slack, Teams, and Zoom but also personal channels like LinkedIn, WhatsApp, and Telegram. Adding further complexity to this modern communication ecosystem is that both kinds of channels are accessible across both managed and unmanaged endpoints. While most business communications are benign, some involve the exchange of proprietary information, such as financial data or intellectual property, and some channels like Slack and Teams are further integrated with enterprise networks and data systems like code repositories.
"Communications are a blind spot for most organizations."
— Director of IT, Security, and Compliance Healthcare Company
Threat actors know security teams typically have little visibility into these new communication channels, so they are taking full advantage of this expanded attack surface by deploying social engineering techniques and language-based attacks. Using impersonation, deception, urgency and semantic tricks, they convince their targets to take actions outside of baseline normal behavior. This approach is becoming much more common; studies suggest that cybercriminals use social engineering in 98% of attacks. Social engineering has featured prominently in the most damaging attacks in recent memory, including Uber, Twilio, Nvidia, Okta, Microsoft, and Axie Infinity.
As the business communication ecosystem expands, CISOs and SOC teams are discovering that they need greater visibility into the context and intent of communications across cloud channels to prevent attacks from turning into damaging business communications compromise (BCC). In this paper, we will define how Contextual Analysis enables insight into the context and intent of communications, and provide an outline of how Contextual Analysis helps detect BCC attacks earlier in the kill chain by detecting leading threat indicators such as social engineering, unusual communications exchange, and abnormal user behavior.


Contextual Analysis in Cybersecurity
Contextual Analysis – the process of breaking down a digital conversation in order to better understand it – is a modern, highly efficient, and powerful toolset for defenders. It gives security teams visibility into the flow of messages in cloud communication channels so they can more easily and quickly locate, identify and neutralize threats. While most security tools are designed to detect traditional attack indicators, such as malicious links or attachments, Contextual Analysis is fundamentally different: it’s designed to help teams quickly examine the language in today’s complex communications ecosystem for more efficient threat identification.
SafeGuard Cyber deploys advanced Contextual Analysis capabilities powered by the platform’s Natural Language Understanding (NLU) engine to extract meaningful insight from unstructured language. By analyzing the content and context of a message, including language-based lexical features, spelling features and topical features, it provides security teams with clear insight into the human element behind cyberthreats, including:
- Who is talking?
- What are they talking about?
- What are they saying about those subjects?
- How do they feel?
Based on these results, security teams can determine if a conversation is benign or if something suspicious is taking place. Contextual Analysis helps teams determine if a conversation is part of a plan to obtain sensitive information or escalate privileges, or if it has the hallmarks of a social engineering attack using elements such as false urgency or undue persuasion. By evaluating the WHY and the HOW of communications, Contextual Analysis makes it possible for security teams to detect language-based attacks that can be leading indicators of BCC.
The human element is involved and exploited in 82% of security breaches. As a result, "this puts the person square in the center of the security estate with the social engineering pattern capturing many of those human-centric events. These attacks continue to be split between phishing attacks and the more convincing pretexting attacks, which are commonly associated with Business Email Compromises," the report concludes.
2022 Verizon Data Breach Investigations Report
businesses worldwide are targeted by phishing scams daily.
of data breaches have been found to have social engineering components associated with them.
the number of phishing websites as malware sites are existing.
of attacks by cybercriminals use social engineering.
of companies worldwide were victims of phishing in 2020.
was the cost per compromised record on average.
Recent Social Engineering Attacks Highlight Security Gaps
Some of the most devastating social engineering attacks in 2022 were conducted against Nvidia, Okta and Microsoft by the Lapsus$ group. Using communication channels like WhatsApp, Slack and Teams, they gained access to hundreds of gigabytes of Nvidia’s proprietary data, including information about chips that the company is developing. In addition, Lapsus$ claims to have stolen the credentials of thousands of Nvidia employees.
In January, cybercriminals stole 20 GB of credit card information from guests and employees of Marriott International in the UK. In this breach, the threat actors used social engineering to lure an employee into providing access to that employee’s computer.
In March, the blockchain company Ronin lost almost $615 million worth of cryptocurrency through an attack on Ronin’s network blockchain bridge. Using a fake LinkedIn job offer to phish an employee, the attackers stole 173,600 Ethereum cryptocurrency tokens and 25.5 million in USD Coin in just two transactions. In response to these attacks, Ronin’s parent company, Sky Mavis, said it is looking to become a “zero-trust organization.”
During September, a 16-year-old cybercriminal took advantage of a loophole in Uber’s security system to break into it. Impersonating Uber’s IT team, the attacker sent multiple, continuous MFA push notifications to a contractor across SMS and WhatsApp. In this case, the seemingly urgent nature of the notifications eventually wore down the employee, who logged in and had their credentials promptly stolen.
Weeks later, the same cybercriminal compromised an employee at Rockstar Games, then used those credentials to impersonate the employee, breaching the company's Slack instance to steal intellectual property and leak it publicly.

The Changing Nature of Work

of North American office workers worked from home more than one day per week

had not worked remotely prior to COVID-19

of workers prefer a hybrid work environment

lower absenteeism

fewer quality defect

higher profitability
Flexible work environments require access to on-premises systems and data, and therefore most enterprises rely on employees using a VPN. However, organizations can’t trust that workers will always use these secure channels. If an employee is using a mobile phone, he or she might forget to use the VPN and employ an unsecured wireless network instead, exposing corporate systems and data to risk.
During the pandemic, threat actors realized that insecure home networks and a lack of security controls typically found on corporate networks could work to their benefit. The World Economic Forum estimates cyber attacks jumped 238% globally between February and April 2020.
NEW ROLE OF THE CISO
Over 80% of security professionals believe social media, mobile messaging, or collaboration apps present medium to high risks to their organization.
SafeGuardCyber Survey April, 2019
Organizations also increasingly rely on cloud-based collaboration platforms and personal communications technologies to connect teams across regions and time zones.
With the sudden onset of the pandemic, many organizations abruptly switched to remote work and found themselves having to allow technologies like MS Teams, Slack, Zoom and Webex on a scale they were uncomfortable permitting earlier. At the time, many IT leaders believed these solutions would be temporary and they’d quickly go back to "normal."
Now, more than a year later, not only are organizations continuing to use these technologies, but they’re doubling down. Yet, they still have no way to keep these systems secure from third-party risks. For example, a recent attack against EA Games involved infiltrating the company’s Slack instance and launching a fileless social engineering scheme to gain access to the network, resulting in the theft and exfiltration of highly-valuable intellectual property.
Similarly, IT once viewed communications solutions like WhatsApp and WeChat as personal apps. Because corporate teams had zero visibility into them, they would not allow employees to do business on them. But in some critical emerging markets, only a small percentage of people use email. Most use mobile chat applications like WhatsApp. It has become a business imperative to use the local technology.
New Security Challenges
These collaboration and communications tools present significant data governance and security challenges for large organizations. In a survey by SafeGuard Cyber:
- 78% of cybersecurity leaders express an inability to protect all communication channels and digital assets
- 46% say collaboration tools represent the biggest security challenge
- 1 in 3 say their biggest challenge is mobile chat apps, WhatsApp, WeChat, Telegram
- 1 in 5 say their biggest challenge is video meetings (Zoom, Webex, etc.)
Hybrid work environments will only increase the challenges. As employee devices and laptops move onto the corporate network and then back home where they can be exposed to hackers and more easily infected with malware and ransomware, it will be difficult for security teams to protect employees from threats, detect and respond to insider threats, or stop malware and ransomware.

Only 20% of security professionals feel confident they are effectively mitigating the digital risks from social media, messaging and collaboration apps.
SafeGuardCyber Survey April, 2019
The Five Elements of Contextual Analysis
To close the blind spot in threat detection and stop attacks before they can do damage, SafeGuard Cyber uses Contextual Analysis, which combines five key components of a conversation:
Semantic Analysis
Extracts insightful information such as emotions and sentiments to understand, interpret, and derive meaning from sentences and paragraphs. It uses machine learning to analyze the grammatical format of sentences, including the arrangement of words, phrases, and clauses, to determine relationships between independent terms in a specific context. By examining the relationship between words in a sentence, semantic analysis helps provide a clear understanding of the context.
Metadata Analysis
Identifies message characteristics such as the sender’s address, receiver’s address, subject, and date, as well as Return-Path, Reply-To Field, and Message-ID. It identifies which servers, ISPs, and platforms the message has passed through, and can also determine if a message arrived at its intended recipient without faults or changes, and it can tell if files have been altered since they were first created.
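As an added illustration of the header fields named above (this is example code written for this page, not SafeGuard Cyber's implementation), the following Python compares the From domain against Reply-To, Return-Path and Message-ID and reconstructs the relay path from the Received headers. The sample message and all domains in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic); domains are placeholders.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.7])
\tby mx.corp.example with ESMTP; Mon, 03 Oct 2022 09:14:02 +0000
Received: from localhost (unknown [198.51.100.23])
\tby mail.example.net with SMTP; Mon, 03 Oct 2022 09:13:58 +0000
Return-Path: <bounce@example.net>
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: helpdesk.corp@example.org
To: alice@corp.example
Subject: Action required: verify your account today
Message-ID: <20221003091358.1234@example.net>
Date: Mon, 03 Oct 2022 09:13:58 +0000

Please confirm your login.
"""

# Headers whose domain is compared with the From domain.
CHECKED = ("Reply-To", "Return-Path", "Message-ID")

def domain_of(value):
    """Lower-cased domain of an address-like header value, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def relay_hosts(msg):
    """Hosts named in 'Received: from <host>' headers, oldest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\S+)", value)
        if m:
            hops.append(m.group(1).lower())
    return hops[::-1]  # each relay prepends its header, so reverse the order

def metadata_findings(raw):
    """Return From domain, mismatching headers and relay path for one message.

    Exact domain equality is a simplification: bulk senders legitimately use
    separate bounce domains, so a mismatch is a signal to weigh, not a verdict.
    """
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    mismatches = [(h, domain_of(msg[h])) for h in CHECKED
                  if domain_of(msg[h]) not in ("", from_dom)]
    return {"from_domain": from_dom, "mismatches": mismatches,
            "relay_path": relay_hosts(msg)}

if __name__ == "__main__":
    print(metadata_findings(SAMPLE))
```
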
Digital Identity
Is an accurate profile of a person created from a history of how, when, and why they use cloud communication channels. The profile builds a history of a person’s past connections, and can determine what is ‘normal’, such as talking to someone in HR every other week. If that person suddenly starts to communicate with someone in a different department, that may be considered anomalous behavior and worthy of further investigation.
Behavioral Analysis
Examines all possible trends, patterns and activities of users to understand the difference between the expected and the unexpected. By understanding that a particular employee doesn’t send email at a certain time of day; doesn’t use email signatures; doesn’t misspell words; or doesn't send email from an unusual geographic location, unusual changes to these typical behaviors are quickly identified, and that person’s messages can be flagged for further analysis.
Social Graph Analysis
Is a mapping of how people are communicating with each other. It builds a relationship model of people based on their patterns of communications. Unusual connections can be easily identified and combined with behavioral analysis to help detect account takeover and insider risk.
Using Contextual Analysis, SafeGuard Cyber understands the who, why, and how of business communication, giving security teams the power to understand which communications may include social engineering attempts and helping protect organizations from costly and damaging business communication compromise (BCC).
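The Digital Identity, Behavioral Analysis and Social Graph Analysis descriptions above can be made concrete with a small baseline model. This is an added example, not SafeGuard Cyber's code: the event tuples, user names, the one-hour tolerance and the two-deviation threshold are all assumptions chosen for illustration. It learns each sender's known contacts, channels and active hours, then escalates only when a new graph edge coincides with another deviation.

```python
from collections import defaultdict
from datetime import datetime

# Constructed history: (ISO timestamp, sender, recipient, channel).
HISTORY = [
    ("2022-09-05T10:02", "bob", "hr-carol", "slack"),
    ("2022-09-19T10:15", "bob", "hr-carol", "slack"),
    ("2022-09-20T14:30", "bob", "dave", "teams"),
    ("2022-09-21T09:45", "bob", "dave", "teams"),
    ("2022-09-22T16:05", "bob", "dave", "slack"),
]

# Constructed new events to score against the baseline.
NEW_EVENTS = [
    ("2022-10-03T10:30", "bob", "hr-carol", "slack"),
    ("2022-10-03T11:00", "bob", "finance-erin", "slack"),
    ("2022-10-04T02:40", "bob", "finance-erin", "whatsapp"),
]

class Baseline:
    """Per-sender profile: known contacts (graph edges), channels, active hours."""

    def __init__(self, tolerance=1):
        self.contacts = defaultdict(set)
        self.channels = defaultdict(set)
        self.hours = defaultdict(set)
        self.tolerance = tolerance  # hours allowed outside the observed window

    def learn(self, events):
        for ts, sender, recipient, channel in events:
            self.contacts[sender].add(recipient)
            self.channels[sender].add(channel)
            self.hours[sender].add(datetime.fromisoformat(ts).hour)

    def deviations(self, event):
        """List the ways one event departs from the sender's baseline."""
        ts, sender, recipient, channel = event
        if sender not in self.contacts:
            return ["no_baseline"]
        found = []
        if recipient not in self.contacts[sender]:
            found.append("new_contact")
        if channel not in self.channels[sender]:
            found.append("new_channel")
        hour, seen = datetime.fromisoformat(ts).hour, self.hours[sender]
        if not min(seen) - self.tolerance <= hour <= max(seen) + self.tolerance:
            found.append("unusual_hour")
        return found

def triage(baseline, events, threshold=2):
    """Escalate events where a new graph edge coincides with other deviations."""
    flagged = []
    for event in events:
        found = baseline.deviations(event)
        if "new_contact" in found and len(found) >= threshold:
            flagged.append((event, found))
    return flagged
```

A first message to a new colleague during normal hours on a known channel is recorded as a single deviation and not escalated, which keeps ordinary cross-team contact from flooding the queue.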


SafeGuard Cyber Differentiation
With almost a decade of NLU and ML experience, SafeGuard Cyber is expert in developing accurate, scalable security and compliance analytics. SafeGuard Cyber Contextual Analysis, with patented NLU technology and autodetection of 52 languages, provides insight into the context and intent of communications to detect threats earlier than pure behavioral approaches.
Figure: By using machine learning to analyze the key elements of a conversation, SafeGuard Cyber helps security teams protect their business communications from social engineering, phishing, insider threats, and language-based attacks that evade legacy tooling.
SOC teams need the ability to identify and discover sophisticated social engineering attacks in all commonly-used cloud channels. SafeGuard Cyber helps by protecting more channels than any other security solution, providing Contextual Analysis for more than 30 digital channels including email, collaboration, chat, conferencing, social media, and mobile messages. Cross-channel event correlation builds upon this capability by comparing the content and context of messages across multiple cloud communication channels, enabling the platform to detect threats that siloed and less capable security tools miss.

Benefits
With SafeGuard Cyber’s agentless architecture, organizations benefit from:
Gain unprecedented visibility to respond to internal and external threats in hard-to-see places like direct messages and group channels. Reduce detection and response times in the cloud infrastructure where work gets done.
Be up and running in hours not days. Organizations no longer have to configure agents.
Connect our agentless security platform into your existing cyber defense systems, feeding event data and telemetry into your EDR and SIEM solutions.