Most security leaders (98%) express deep concerns regarding the cybersecurity risks associated with tools such as ChatGPT, Google Bard, and similar AI-driven technologies, revealed a study by Abnormal Security.
The "The State of Email Security in an AI-Powered World" report sheds light on the primary worries of security leaders regarding the growing threat of generative AI within the corporate sector, particularly when it comes to email-based attacks. It also explores the strategies they employ to protect themselves in response to this evolving landscape.
Customers also show concerns about such AI-drive technologies, as an alarming 49% of them got tricked by counterfeit ChatGPT apps.
“Generative AI tools like ChatGPT have taken the world by storm, bringing efficiencies to individuals and businesses like we’ve never seen before. But, like everyone else, cybercriminals are also taking advantage of this technology. Threat actors can use these tools to scale email attacks in volume and sophistication, eliminating the telltale signs of an attack like typos and grammatical errors, while applying personalized context, tone, and language to make them even more deceptive. As generative AI lowers the barrier to entry for launching advanced attacks, we are entering a new and increasingly dangerous era of cybercrime, where organizations will need to rely on good AI to fight bad AI,” said Evan Reiser, CEO and Co-Founder, Abnormal.
Personalized email attacks are the main concern
The primary concern revolves around the heightened sophistication of email attacks made possible by generative AI, specifically the ability for attackers to create extremely targeted and personalized email assaults using publicly accessible data. Security leaders are not just apprehensive about these threats; a significant number of them are already encountering them.
In fact, 80% of the respondents stated that their organizations have either already encountered email attacks generated by AI or strongly suspect that such attacks have targeted them.
Despite the widespread concern, most security leaders are ill-prepared to safeguard their organizations against AI-generated email attacks. Most of the survey respondents continue to rely on their cloud email providers or outdated tools for email security. In fact, more than half (53%) still use secure email gateways to shield their email systems. Unfortunately, this traditional approach appears to be ineffective, as nearly half (46%) of the respondents lack confidence in these conventional solutions' ability to identify and prevent AI-generated attacks.
The research underscores an opportunity for a different approach, with AI-driven security emerging as the next frontier in email protection. As many as 92% of survey participants recognize the value of employing AI to defend against AI-generated email threats. Moreover, over 94% of those surveyed anticipate that AI will have a significant impact on their cybersecurity strategies in the next two years.