Protecting against AI-enhanced email threats

Generative AI based on large language models (LLMs) has become a valuable tool for individuals and businesses, but also cybercriminals.

Its ability to process large amounts of data and quickly generate results has contributed to its widespread adoption.

AI in the hands of cybercriminals

According to a report from Abnormal Security, generative AI (GenAI) is likely behind the significant uptick in the volume and sophistication of email attacks on organizations, with 80% of security leaders stating that their organizations have already fallen victims to AI-generated email attacks.

Even though humans are still better at crafting effective phishing emails, AI is still immensely helpful to cyber crooks: even less-skilled hackers can use it to easily craft credible and customized emails, with no grammar and spelling mistakes, nonsensical requests, etc.

It also allows phishers to seamlessly widen the pool of prospective victims to include speakers of languages they themselves don’t speak.

Combined with AI-driven bots, AI-generated phishing emails can be distributed to a massive number of recipients in a short time span.

AI has also given cybercriminals the ability to perfect business email compromise (BEC) scams and spear-phishing attacks by adding deepfakes: a powerful weapon capable of fooling a larger number of recipients and evade detection by traditional email security systems.

Boosting email security with AI

But cybercriminals are not the only ones benefiting from the evolution of AI. In the hands of security practitioners, AI can be a powerful tool that can help protect organizations from sophisticated threats.

Check Point has laid out three main benefits of AI for email security:

• Improved threat detection – AI can spot new and advanced phishing attacks
• Improved threat intelligence – AI can automate the generation of IoCs, making them instantly applicable
• Faster incident response – AI can swiftly isolate or address security incidents

AI can monitor email traffic and detect irregularities in communication patterns that often indicate phishing attempts. It has the ability to understand email content, identifying signs of phishing, and can also evaluate attachments for malicious content and identify potentially harmful URLs.

Even though many believe AI will be used to skip traditional email protections, this doesn’t mean that organizations should abandon them completely. Instead, they need to combine old and new technologies to boost email security.

Another crucial tactic includes hiring personnel that is experienced in both cybersecurity and AI, or upskilling current employees to empower them in fighting “bad AI” with “good AI”.