By Byron V. Acohido
It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering.
Related: AI makes scam email look real
Fresh evidence comes from Mimecast’s “The State of Email and Collaboration Security” 2024 report.
The London-based supplier of email security technology, surveyed 1,100 information technology and cybersecurity professionals worldwide and found:
•Human risk remains a massive exposure. Some 74 percent of cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.
•New AI risks have lit a fire under IT teams. . Eight out of 10 of those polled expressed concerned about AI threats posed and 67 percent said AI-driven attacks will soon become the norm.
•Email remains the primary attack vector. The newest wrinkle – Generative AI tools, like ChatGPT, are giving rise to new attack paths, compounding the pressure from old standby threats, i.e. phishing, spoofing, and ransomware
“Emerging tools and technologies like AI and deepfakes, along with the proliferation of collaboration platforms are changing the way threat actors work; but people remain the biggest barrier to protecting companies from cyber threats,” observes Marc van Zadelhoff, Mimecast CEO.
One types of email-borne exposure that continues to gut-punch companies large and small is Business Email Compromise (BEC) fraud. A study issued last August by Gartner analysts Satarupa Patnaik and Franz Hinner drills down on how legacy endpoint protections are falling short in the post-Covid, GenAI operating environment.
BEC = big losses
attackers finagle their way into corporate communications, mimicking or outright hijacking legitimate email accounts. They no longer bother with malware or link, instead focusing more so than ever on human failings. And it’s paying off to the tune of $2.7 billion in losses in just one year, according to the FBI.
The Gartner report highlights how BEC fraud often begins with an Account Takeover (ATO). Attackers infiltrate a user’s account to orchestrate their grand larceny and the collateral damage can be significant: loss of trust from customers and business partners .
Patnaik and Hinner lay out an argument as to why companies need to get on with their due diligence and move towards upgrading to AI-based secure email gateway solutions, equipped with behavioral analysis and imposter detection. Indeed, the technology and best practices to do this are readily available. For enterprises looking to bolster their cyber-defenses, Gartner recommends:
•Leveraging GenAI in what amounts to a counter attack to granularing monitor and apply security policies to every email.
•Tapping proven controls such as k DMARC, MSOAR, IAM, MFA to serve as an effective layered defense.
•Updating antiquated email protocols for financial transactions. Email alone should never be the gatekeeper for moving money or sensitive data.
•Implementing effective training to teach users and partners how to spot and sidestep BEC traps.
We now know what the post Coivd 19/Gen AI threat threat landscape looks like, folks. One crucial layer to button down is human factors, which means advanced security for the most ubiquitous communication tool: email. I’ll keep watch and keep reporting.
Acohido
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
April 2nd, 2024
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/my-take-why-email-security-desperately-needs-retooling-in-this-post-covid-19-genai-era/