Although AI is being hailed in the workplace for its ability to address skills gaps and contribute to labor shortages, cybersecurity managed service providers know the dark side of AI. Savvy criminals have had no problem leveraging natural language generation to their advantage. This has led to a sharp increase in malicious email phishing attacks. According to a recent CBS report, the market has seen a increase in malicious phishing emails by 1,265% since the end of 2022 (ChatGPT launched in November of the same year). These threats have been augmented by nefarious actors who use generative AI to create highly convincing language, which appears to come from valid sources such as Google, Microsoft, Salesforce.com, or other likely business partners.
So, what’s next when it comes to AI-driven perilous attacks and end-user data security? Now that GenAI has escaped Pandora’s Box and offers new capabilities to cybercriminals, what else should we expect? How can we anticipate the escalation of the threat? Here are some observations from a company specializing in email data security, including using AI-based tools.
Develop email security awareness strategies: In today’s security landscape, businesses must become more proactive to avoid breaches, which are most often generated by a simple password compromise. It is no longer enough to rely on solutions that only use filters to detect malicious emails when hackers develop new ways to bypass these protections every day. Network users should be actively trained to recognize phishing and branding attacks. Therefore, offerings such as threat simulation tools and email security awareness activities are becoming increasingly necessary in the workplace.
Integrated threat simulation: The technology can enable IT administrators to conduct simulated phishing attacks across their entire organization, using customizable templates that mimic communications from large-scale vendors like AWS, Cisco or Google. These are the same types of AI-assisted methods that cybercriminals use to launch attacks. Threat simulation tools “test” users and identify employee victims of these fake phishing emails. Ideally, the solution should provide concrete strategies to help raise awareness among those who “fail” these tests, teaching susceptible users how to better recognize malicious content. Analytics and reporting on simulation results will help IT managers – or MSP, depending on the business model – evaluate user progress over time and across sessions.
Multiplication of security solutions in all environments: As a specialist cybersecurity vendor, we have long suggested that businesses combine multiple solutions into a larger security stack to achieve superior protection. Many cloud-native software companies offer cutting-edge, cloud-ready features beyond what more general companies like Google or Microsoft offer and at a competitive price. For example, we recommended that businesses opt for one of Microsoft’s most basic security packages and combine it with a targeted email security solution with inbound and outbound features like government-grade encryption, account takeover protection, AI-powered tools, and automated features. compliance capabilities. This alternative may be more effective than Microsoft’s top-tier security package – and even more cost-effective for customers.
As networks are increasingly bombarded with phishing attacks and GenAI impostors, security experts are advocating a tiered approach, regardless of the environment. Bad actors armed with AI have made networks far too vulnerable to rely on a single provider. And in fact, many well-known cybersecurity software vendors offer SEG (security email gateway)-based solutions, which rely on blacklisting known dangerous IP addresses, instead of using advanced tools based on AI to combat these threats. Blacklisting does little to eliminate AI-powered attacks that use compelling contextual language and hard-to-filter images. Sophisticated AI-powered tools must be part of any cybersecurity stack.
So while the threats that generative AI poses to the business world won’t slow down, organizations can at least prepare with accelerated, proactive strategies – and equally powerful AI-based protections.
