CYBER PATROL Suffice to say, this is bad for business. Leaders need team members to excel and enjoy their work, so they stick around for the long-haul – not wind up at the center of a messy data breach or ransomware investigation. Companies today are also investing heavily in employee experience (EX) and seeking ways to create positive, productive environments. Email security threats interfere with EX initiatives by contributing to toxic “blame culture,” increasing the need for extra security awareness training (SAT) and disrupting employees from deep work. All of this contributes to cumulative stress and burnout. Cybersecurity leaders are under pressure as well. According to the Egress findings, 95 percent of cybersecurity leaders admitted that they are stressed about email security, with the top stressor being attacks sent from compromised supply chain email accounts (51 percent), as well as internal account takeovers (47 percent). Additional concerns include phishing emails with fraudulent invoices and payment requests, attacks containing malware or ransomware payloads and credential harvesting phishing attacks. The Rise of AI-Enhanced Attacks Phishing attacks are becoming increasingly difficult to detect, with threat actors now leveraging AI to create sophisticated messages and spread malware. This makes it even harder for workers to detect incoming attacks. According to Gartner, AI-enhanced malicious attacks and AI-assisted misinformation were the top two mostcited emerging risks during the first quarter of 2024. “One of the key drivers of AI-enabled attacks and misinformation is the rapidly expanding access to its capabilities,” Gartner analysts explained. “AI enhancement can provide malicious code and facilitate phishing and social engineering, which enables better intrusion, increased credibility and more damaging attacks.” According to a recent study published in IEEE Access, 60 percent of participants fell victim to AI-automated phishing, “which is comparable to the success rates of non-AI phishing messages created by human experts.” Perhaps even more worryingly, “our new research demonstrates that the entire phishing process can be automated using LLMs, which reduces the costs of phishing attacks by more than 95 percent while achieving equal or greater success rates,” explained authors Fredrik Heiding, Bruce Schneier and Arun Vishwanath via HBR. As Egress vice president of threat intelligence Jack Chapman pointed out in the Email Security Risk report, businesses are especially vulnerable to sophisticated phishing attacks in the supply chain. “Phishing emails sent from compromised accounts can get through the reputation-based domain checks carried out by traditional perimeter defenses, and if combined with a credible phishing email, there’s every chance an employee will fall victim,” Chapman said. The Outbound Threat Companies also face a growing risk from outbound email breaches. In the Egress report, 91 percent of surveyed cybersecurity leaders said their organizations had experienced incidents caused by outbound email data loss within Microsoft 365. The leading causes included exfiltrating data for work purposes, accidentally sending emails and files to incorrect respondents, and exporting data for personal gain. “Companies primarily focus on the inbound threats – the headlinegrabbing impersonation attacks and phishing, because that’s what everyone’s thinking about,” explained Egress vice president of strategic partnerships, Dan Hoy. “But they’re not tracking or understanding what the outbound risk is. This can be 30 Top Five Most Common Cited Emerging Risk in Q1 2024 AI-enhanced malicious attacks 80% AI-assisted misinformation 66% Escalating political polarization 66% Globally consequential 61% Misaligned organizational talent profile 60% Source: Gartner, May 2024 Cybersecurity Pros’ Stresses About Phishing Phishing attacks sent from compromised supply chain email accounts 52 ATO within their organization 47 Phishing emails with fraudulent invoices or payment requests 40 Phishing attacks containing malware/ransomware payloads 36 Credential harvesting phishing attacks 32 Source: Egress cybersecurity leader survey CHANNELVISION | JULY - AUGUST 2024
RkJQdWJsaXNoZXIy NTg4Njc=