AI-Enabled Security Extremely Important for Majority of Organizations, Says Osterman Research

As attackers leverage AI to improve their efforts, Osterman Research finds that organizations are prioritizing AI-enabled security to protect their email environments.
August 22, 2023

Email remains the primary communication channel for virtually all businesses. As such, email is still one of the most common infiltration points for threat actors.

Recognizing this, organizations have implemented secure email gateways and trained employees to identify red flags that indicate potential attacks. But when the good guys zig, the bad guys zag. Threat actors have pivoted to more advanced, AI-powered attacks, bypassing traditional email protections and duping even the most security-minded employees.

Security-minded organizations expect cybercriminals to continue to innovate. More importantly, they innovate as well, keeping one step ahead of the bad guys by implementing AI-enabled solutions to strengthen email security, automate mitigation, and remediate identified threats.

Cybercriminals Already Leverage AI in Email Attacks

Cybercrooks are hungry for confidential information, account credentials, and stolen finances, using a wide array of attacks to infiltrate organizations. Some of these include phishing, social engineering, payment invoice fraud, business email compromise, and the like. To stymie bad actors, organizations leverage traditional, rules-based email security solutions including:

  • Detecting signatures

  • Blocking messages with .exe attachments

  • Allowing whitelisted messages

  • And leveraging blacklists or blocklists

These methods continue to detect and block some run-of-the-mill attacks. But as threat actors increasingly use emerging attack methods enabled by AI, they circumvent rules-based defenses to reach the inboxes of targeted victims. In fact, 91% of respondents in Osterman’s report say they are already experiencing AI-enabled cyberattacks against their organization. Roughly three-fourths of respondents agree they’ve experienced AI-enabled cyberattacks in the past six months.

Osterman Blog1

Ninety-one percent of respondents say they are already experiencing AI-enabled cyberattacks against their organization.

Cybercriminals use AI in email attacks to:

  • Create unique attacks at scale

  • Make messages more convincing by imitating the writing style and tone of the supposed sender

  • And improve message quality

With a few simple prompts, tools like ChatGPT and WormGPT quickly produce convincing, error-free email copy. Providing these generative AI tools with writing samples allows cybercriminals to mimic the sender they are trying to imitate. These malicious emails are so cogent, that they avoid threat detection by traditional security solutions and regularly deceive employees trained to look for grammatical errors and inappropriate tone.

It’s Time for Organizations to Strengthen Defenses With AI-Enabled Solutions

Threat actors aren’t the only ones changing tactics with the times. Osterman Research finds that “Nine out of ten organizations have implemented an AI-enabled email security solution beyond what is offered by their cloud email provider.” As such, many organizations rely on cybersecurity vendors to improve their capabilities and processes through AI-based security solutions.

Some of the benefits associated with working with such vendors include:

  • A better understanding of the profile and behaviors of each sender and recipient: By using AI to create a baseline of typical communication behavior—spanning location, sender, recipient, content, timing, location, and more—organizations detect risky communications before they cause problems.

  • The ability to detect anomalous sending patterns: By combining baseline email patterns, content tone, and identifying attributes of suspicious emails, AI solutions swiftly detect disguised emails that might elude human detection. This is especially useful amidst rising message volumes.

  • The capability to identify content written by generative AI (especially malicious content): Sophisticated AI-based solutions pinpoint patterns in generative messages, making it easier to identify and block messages with malicious intent.

  • Creating derivative training data for machine learning models: Machine-learning models are trained on a combined analysis of baseline sending patterns, near-match email addresses, messages containing social engineering triggers, and impersonated logos. While a close eye might identify these issues, AI reliably increases the speed of detection and remediation.

  • Strengthen incident response and remediation processes: Vendors provide improved accuracy, scalability, and real-time mitigation of email threats for understaffed and under-resourced security teams.

These sophisticated security solutions are already making a difference. According to Osterman Research, “four out of five organizations indicate that AI-enabled email security solutions have enabled them to safeguard or improve the efficacy of detecting multiple types of threats in email, even as threat actors have changed their attack methods.” It’s no wonder why addressing email security risks is among the top three priorities for 77% of respondents.

Osterman Blog2

Seventy-seven percent of respondents say addressing email security risks is one of their top three priorities or higher.

These AI-backed security solutions go beyond email to provide defenses for other communication and collaboration applications integrated with business email. Examples include commonly integrated communication channels such as Microsoft Teams, SharePoint, OneDrive, Zoom, Slack, and Salesforce. This is a boon for organizations that can defend against threats to the email environment outside just email. More than 80% of respondents consider the ability to protect other communications applications in their ecosystem as moderately or extremely important.

Osterman Blog3

When deciding on an AI-enabled email security solution, 41.5% of respondents say it’s an “extremely important” consideration while 42.2% say it’s an “moderately important” consideration.

Detection Without Responsive Mediation Is Not Enough

If threat actors gain access to sign-in credentials—particularly email account credentials—those threat actors gain access to nearly everything else the victim is able to access. Those sign-in credentials tied to email are effectively the keys to the organization. This access can include third-party applications to facilitate lateral movement, sensitive data, platform configurations that can be used to establish persistence, and, of course, a legitimate email account to launch further attacks. Once a cybercriminal has weaseled their way into your email environment, there’s no telling how long they might exist there without detection.

This is where Abnormal Security makes a difference. Abnormal provides behavioral AI-based email security that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions.

Our anomaly detection identifies and analyzes the risk of every cloud email event. This includes preventing inbound email attacks, detecting compromised accounts, and remediating issues. We provide protection for Microsoft 365, Google Workspace, Slack, Teams, and Zoom, so organizations are always steps ahead of the bad guys.

If attackers are leveraging AI, your organization should too.

Read the full report from Osterman Research: The Role of AI in Email Security.

Interested in learning more about Abnormal's AI solution? Schedule a demo today!

Schedule a Demo
AI-Enabled Security Extremely Important for Majority of Organizations, Says Osterman Research

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Sans Recap 7 11 24
Discover trends among modern SOC teams, including misaligned budgets, increased automation, unsatisfactory AI tools, staffing issues, and more.
Read More
B State and Local Government Attack Trends
Advanced attacks targeting state and local governments are increasing. Discover what our research revealed about this alarming trend.
Read More
B Examining Employee Engagement with Email Attacks
Cybercriminals know that humans are your enterprise's biggest vulnerability and are successfully engaging with your employees at an alarming rate.
Read More
Explore how Abnormal’s AI Security Mailbox enhances cybersecurity by engaging and educating employees with personalized GenAI responses. Improve security awareness and streamline operations.
Read More
B Q2 2024 Attacks
In the second installment of our quarterly look-back at malicious emails, we examine 5 more recent noteworthy attacks detected and stopped by Abnormal.
Read More