AI is being seen as both a major threat and a security savior in the fight against phishing and malware, according to research from CyberRisk Alliance. The group found that while organizations were planning to integrate AI tools into their email security platforms, many also remain weary of what it will do in the hands of threat actors.
The report, based on a survey of 179 security administrators and executives in North America, polled respondents on their own views and plans on a number of issues related to email security, including their views on how AI could influence the industry.
In general, respondents had a favorable view on AI. Some 15% of those surveyed classified themselves as “early adopters” in emerging email security applications, including AI-based detection and automation tools.
One respondent said that their organization had recently updated its strategy for email security by “Hoping for AI to bring better detection and prevent more false positives.”
Even more importantly, companies that don’t consider themselves to be on the cutting edge of email security adoption plan to include the rollout of AI. Of the companies that don’t consider themselves early adopters, 59% said they would classify their organizations as being amongst the “early majority” considering the use of AI.
According to the survey, some 50% of organizations said they are planning to introduce AI and automation tools in their email security strategy, which was the most popular of all email security strategies to be planned for deployment.
“Our people get it and challenge a lot of the malicious emails that come through. Fortunately for them we have good email security defenses that don't give them many opportunities to triage malicious emails. A blessing in disguise,” said one respondent.
“In addition, threat actors are using novel tactics and that presents a continual challenge in keeping in lock step (plus one step ahead) with the threat actors.”
At the same time, there is no shortage of anxiety about what will happen when the bad guys get their hands on AI tools. The study found that 57% of organizations are either “very” or “extremely” concerned about the turn email security will be taking over the next 12 months.
Chief amongst those concerns was the adoption of AI by threat actors. Topping their lest of top concerns at 55% was the fear that threat actors will be able to use AI tools to make their fishing attacks not only easier to automate, but also more effective in convincing targets to click links or open attachments.
“The tests executed by the Sec Ops team has become more realistic and harder to discern from a typical attack,” said one respondent. “That tells me the threat actors are also getting better thanks to AI.”
