AI-Enabled Security Extremely Important for Majority of Organizations, Says Osterman Research
Email remains the primary communication channel for virtually all businesses. As such, email is still one of the most common infiltration points for threat actors.
Recognizing this, organizations have implemented secure email gateways and trained employees to identify red flags that indicate potential attacks. But when the good guys zig, the bad guys zag. Threat actors have pivoted to more advanced, AI-powered attacks, bypassing traditional email protections and duping even the most security-minded employees.
Security-minded organizations expect cybercriminals to continue to innovate. More importantly, they innovate as well, keeping one step ahead of the bad guys by implementing AI-enabled solutions to strengthen email security, automate mitigation, and remediate identified threats.
Cybercriminals Already Leverage AI in Email Attacks
Cybercrooks are hungry for confidential information, account credentials, and funds, and they use a wide array of attacks to infiltrate organizations, including phishing, social engineering, payment invoice fraud, business email compromise, and the like. To stymie bad actors, organizations leverage traditional, rules-based email security measures, including:
Detecting signatures
Blocking messages with .exe attachments
Allowing whitelisted messages
And leveraging blacklists or blocklists
These methods continue to detect and block some run-of-the-mill attacks. But as threat actors increasingly use emerging attack methods enabled by AI, they circumvent rules-based defenses to reach the inboxes of targeted victims. In fact, 91% of respondents in Osterman’s report say they are already experiencing AI-enabled cyberattacks against their organization. Roughly three-fourths of respondents agree they’ve experienced AI-enabled cyberattacks in the past six months.
Cybercriminals use AI in email attacks to:
Create unique attacks at scale
Make messages more convincing by imitating the writing style and tone of the supposed sender
And improve message quality
With a few simple prompts, tools like ChatGPT and WormGPT quickly produce convincing, error-free email copy. Providing these generative AI tools with writing samples allows cybercriminals to mimic the sender they are trying to imitate. These malicious emails are so cogent that they avoid threat detection by traditional security solutions and regularly deceive employees trained to look for grammatical errors and inappropriate tone.
It’s Time for Organizations to Strengthen Defenses With AI-Enabled Solutions
Threat actors aren’t the only ones changing tactics with the times. Osterman Research finds that “Nine out of ten organizations have implemented an AI-enabled email security solution beyond what is offered by their cloud email provider.” As such, many organizations rely on cybersecurity vendors to improve their capabilities and processes through AI-based security solutions.
Some of the benefits associated with working with such vendors include:
A better understanding of the profile and behaviors of each sender and recipient: By using AI to create a baseline of typical communication behavior (spanning location, sender, recipient, content, timing, and more), organizations detect risky communications before they cause problems.
The ability to detect anomalous sending patterns: By combining baseline email patterns, content tone, and identifying attributes of suspicious emails, AI solutions swiftly detect disguised emails that might elude human detection. This is especially useful amidst rising message volumes.
The capability to identify content written by generative AI (especially malicious content): Sophisticated AI-based solutions pinpoint patterns in generative messages, making it easier to identify and block messages with malicious intent.
Creating derivative training data for machine learning models: Machine-learning models are trained on a combined analysis of baseline sending patterns, near-match email addresses, messages containing social engineering triggers, and impersonated logos. While a close eye might identify these issues, AI reliably increases the speed of detection and remediation.
Stronger incident response and remediation processes: Vendors provide improved accuracy, scalability, and real-time mitigation of email threats for understaffed and under-resourced security teams.
These sophisticated security solutions are already making a difference. According to Osterman Research, “four out of five organizations indicate that AI-enabled email security solutions have enabled them to safeguard or improve the efficacy of detecting multiple types of threats in email, even as threat actors have changed their attack methods.” It’s no wonder that addressing email security risks is among the top three priorities for 77% of respondents.
These AI-backed security solutions go beyond email to provide defenses for other communication and collaboration applications integrated with business email. Examples include commonly integrated communication channels such as Microsoft Teams, SharePoint, OneDrive, Zoom, Slack, and Salesforce. This is a boon for organizations, which can defend against threats to the wider email environment, not just email itself. More than 80% of respondents consider the ability to protect other communications applications in their ecosystem as moderately or extremely important.
Detection Without Responsive Mediation Is Not Enough
If threat actors gain access to sign-in credentials—particularly email account credentials—those threat actors gain access to nearly everything else the victim is able to access. Those sign-in credentials tied to email are effectively the keys to the organization. This access can include third-party applications to facilitate lateral movement, sensitive data, platform configurations that can be used to establish persistence, and, of course, a legitimate email account to launch further attacks. Once a cybercriminal has weaseled their way into your email environment, there’s no telling how long they might exist there without detection.
This is where Abnormal Security makes a difference. Abnormal provides behavioral AI-based email security that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions.
Our anomaly detection identifies and analyzes the risk of every cloud email event. This includes preventing inbound email attacks, detecting compromised accounts, and remediating issues. We provide protection for Microsoft 365, Google Workspace, Slack, Teams, and Zoom, so organizations are always steps ahead of the bad guys.
If attackers are leveraging AI, your organization should too.
Read the full report from Osterman Research: The Role of AI in Email Security.