BIGFISH TECHNOLOGY LIMITED
17 July 2024

How to evolve security if staff can't outsmart AI-powered phishing?

Until recently, the signs of a phishing scam were fairly obvious: typos, a generic "dear" salutation, sloppy syntax, and an overbearing sense of urgency.

People not only knew what to look for, but they were also confident in their ability to recognize a phishing email and avoid a dangerous link or attachment.

However, new data indicates that young people are increasingly anxious about unwittingly exposing their firm to a cyber attack, partly because the phishing threat landscape has changed.

 

The new phishing

Eighty-five percent of employees, many of whom are younger, feel AI has made cyber security threats more sophisticated than ever before. Seventy-eight percent of that group is concerned about the use of AI in cyber attacks and its ability to produce undetectable threats.

Employees were traditionally considered the first line of cyber defense, taught to spot phishing emails and avoid dubious links. While phishing awareness is clearly still important, employers may need to evaluate how much reliance they place on staff to identify and stop threats on their own.

If threats are deceiving executives, how can we in good faith set the expectation that employees should know more than high-level stakeholders and take on an extraordinarily high level of responsibility for protecting the organization?

 

New threat examples

Gen Z is losing confidence in its ability to detect phishing attacks, and with good reason. The attacks are becoming incredibly sophisticated.

The following are three examples of phishing emails that your employees may receive tomorrow and are unlikely to recognize. You can also use the email examples below in your own phishing testing or training programs:

 

  1. This email directs staff to review a [fake] policy.

    Dear [employee name],

    As part of our continued commitment to information security, we have recently amended our business policy on data management and access. To ensure that all workers are aware of these changes, [your company name] will conduct a one-time evaluation and acknowledgement.

    Your access to business resources will be restricted until you have finished this brief review. The process takes about 5 minutes and may be accessed using the secure URL provided below.

    [Link to a false page featuring the company's logo and colors.]

    This link is unique to your account and will expire in 48 hours. We appreciate your participation in ensuring a safe workplace.

    Sincerely,

    The Information Security Team

  2. This email realistically [and falsely] warns employees of a data leak.

    Dear [employee name],

    We're writing to notify you of a recent data breach that may have compromised a small amount of employee information. We are still examining the nature of the incident, but out of an abundance of caution, we advise you to take urgent steps to secure your accounts.

    For your convenience, we've given a link to a secure portal where you may review possibly compromised data and update your login information for all company-related accounts.

    [Link to a false data breach information page.]

    We appreciate that this news may be unsettling, and we will keep you updated as we learn more.

    Sincerely,

    The Security Response Team

  3. This email contains credible [but false] information on an HR-run initiative.


    Hello, [Employee Name].

    It's time to recognize our incredible crew! We are hosting our annual internal employee recognition program and require your vote to choose the winners in various categories.

    To ensure a fair and safe voting process, we have created a new single sign-on system. To vote, simply click the link below and enter your Windows login credentials.

    [Link to a false page featuring the company's logo and colors.]

    Voting closes on [date]. Let us express our gratitude to those who go the additional mile!

    Best Regards,

    The HR department

 

Actionable Steps for Cybersecurity Professionals
In addition to effective phishing education and training exercises:

  • Use sophisticated email security protection. Prevent AI-powered phishing threats that are extremely evasive. Use modern technologies, such as Check Point's email security solutions, which are 93 times more effective than other products on the market.

  • Implement robust endpoint protection. Endpoint protection can help ensure that staff are not tricked into disclosing sensitive data.

  • Adopt a zero-trust security framework. This can reduce the potential damage if a phishing attempt succeeds.

  • Utilize AI-powered, cloud-delivered cybersecurity solutions. These technologies are very scalable and can be easily upgraded to address new threats.

Source: Cybertalk.Org
