Cybercriminals turn to AI to bypass modern email security measures
Cybercriminals employ artificial intelligence (AI) to create complex email threats like phishing and business email compromise (BEC) attacks, while modern email security systems use AI to counter these attacks, according to Perception Point and Osterman Research.
AI’s role in email security
The new study reveals a substantial shift in the perception of AI’s role in email security. Cybercriminals have shown rapid adoption of AI tools to their favor with 91.1% of organizations reporting that they have already encountered email attacks that have been enhanced by AI, and 84.3% expecting that AI will continue to be utilized to circumvent existing security systems. Consequently, AI-enabled protections are more essential than ever.
The percentage of respondents ranking AI as “extremely important” to their email defenses has increased by more than 4x over the past 12 months. Virtually all organizations expect AI to be moderately or extremely important to their email defenses.
The growing perception of AI-enabled threats aligns with the increasing awareness of large language models (LLM) and generative AI services, such as ChatGPT, that have made headlines in the past year.
Email is still top priority
Almost 4 out of 5 organizations rate addressing email security risks as a top three priority for their organization relative to all other security and risk initiatives.
- Traditional email security approaches have proven less effective over time: 96.9% of respondents implemented AI-enabled email security because their traditional defenses were ineffective against emergent threats.
- AI-powered security is not just for email: Buyers of AI-enabled email security want the ability to better protect other communication and collaboration apps, such as Microsoft Teams, SharePoint, OneDrive, Zoom, and Slack, Salesforce, and more, with AI.
- AI-enabled detection without responsive mitigation is misguided: Strengthening capabilities for detecting threats in email via AI is an essential first step, but it can’t end there. Organizations must train cybersecurity professionals and SOC teams to respond quickly and effectively to identified incidents, leveraging the best of what AI brings to the table.
- Organizations are strengthening defenses with new AI-enabled tools: With the changing threat environment in email, organizations are implementing new defenses. Nine out of ten organizations have implemented an AI-enabled email security solution beyond what is offered by their cloud email provider.
“With the relentless surge in cyberattacks, especially GenAI-fueled phishing and BEC, the imperative for inventive preventative strategies intensifies,” said Yoram Salinger, CEO at Perception Point.
“With cybercriminals leveraging AI to make email attacks ever more dangerous, all organizations must ensure they have the right defenses in place to detect and stop attacks that are missed by traditional email security methods,” said Michael Sampson, Principal Analyst at Osterman Research and the author of the report.