Abnormal Security, one of the sponsors of our recent report on The Role of AI in Email Security, has just published a complementary research report on how security leaders are responding to generative AI. This was an Abnormal-only initiative that we were not involved with. The research is based on a survey of 300 senior cybersecurity stakeholders at organizations of various sizes.
Key data points:
- Overall, irrespective of the question asked by Abnormal, the vast majority of the security stakeholders who responded to the survey were concerned / worried / aware of and about the issues. Aside from a small minority of outliers, the threat of generative AI across multiple dimensions is widely felt.
- Bad actors are already taking advantage of generative AI to create and disseminate large volumes of seemingly realistic email messages – but which are actually attacks. Beware.
- “Email was the most common first step in data breaches even before generative AI came onto the scene, but this technology has clear potential to increase the volume, sophistication, and resulting effectiveness of email-based attacks” (page 6). As an alternative POV, it also has the potential to decrease the volume but increase the sophistication and resulting effectiveness by using greater targeting and choosing ‘the precisely best message thread to compromise.’ Under this scenario, messages become more pernicious because they are fewer and better hidden in normal message flows, as opposed to more voluminous because every cybercriminal and their hound dog decide to generate an avalanche of AI-refined attacks.
- If AI is being used in a malicious way against your organization, you’re going to have to respond with “good AI” and fight AI with AI. This is the next mega theme in the cybersecurity arms race. Organizations without AI-powered email security solutions are playing a losing game – a theme we also highlighted in our report on AI in email security.
- Respondents using an integrated cloud email security (ICES) solution were almost twice as confident as those using a secure email gateway (SEG) in the ability of their email security to detect if an attack is generated by AI. While Abnormal likes the directionality of the answer, they point out that given the capabilities of currently deployed ICES solutions, the percentages should be lower than they are.
Abnormal’s research on this topic is profiled in:
- The press release from October 24
- A blog post from October 25
- The report itself – and you’ll need to register
Leave a Reply