To err is human – and the number one cause of cybersecurity disasters is human error. Even employees that are trained in phishing resistance can still be fooled by a well-crafted social engineering attack, unleashing a devastating disaster on your business. Is AI the answer to eliminating that vulnerability and creating a better phishing defense?
It’s an unfortunate fact that 90% of incidents that end in a data breach start with a phishing email. Most companies understand the value of conducting regular security awareness and phishing resistance training to prevent damage from phishing-related cybercrime. But as factors including an increase in email volume, massive dumps of Dark Web data to power phishing attacks, a new remote work reality in worrisome times and a challenging economy come together, phishing resistance training isn’t always enough on its own to keep employees from falling for carefully socially engineered cybercriminal tricks.
Phishing is a Growth Industry
The advent of the global pandemic in early 2020 created a golden opportunity for cybercrime and a recipe for disaster for businesses. Email volume increased dramatically as did phishing threats – Google named COVID-19 its biggest phishing topic in history, noting an increase of more than 660% in phishing email in 2020. This led to a surge in email-based cyberattacks. A stunning 90% of companies experienced an increase in cyberattacks in 2020, and more than half of those attacks were that email menace, ransomware.
Phishing is a favored tool of cybercriminals because it’s cheap, easy and effective – more than 60% of cybercriminals rely on phishing as their primary method of attack. It also works. In a recent study, one-fifth of the surveyed employees fell for phishing tricks and interacted with spurious emails, with more than two-thirds of those who interacted with the messages going on to enter their login credentials.That works out to one in ten employees supplying their login credentials to cybercriminals – and the survey set was made up of employees that had gone through security awareness training.
Cybercriminals were quick to take advantage of the fortuitous circumstances that the initial chaos and uncertainty of the global pandemic created. By unleashing a blizzard of carefully crafted spear phishing messages using advanced social engineering techniques, many cybercriminals were able to entice even wary employees to click. Some popular COVID-19 based phishing scams that emerged during that period included malicious PDFs of infection data maps, falsified government email directing people on how to collect benefits, fake messages from trusted sources like WHO or CDC, and innumerable business and executive email fakes directed at employees who weren’t used to the hazards of remote work.
Social Engineering Has Unexpected Allies
So what caused seemingly well-trained employees to fall for so many phishing attacks? Psychology. Worried, stressed, employees who are out of their depth make more mistakes, like clicking on phishing messages. In a comprehensive study of over 1,000 remote workers, 47% of respondents cited distraction as the main factor in their failure to spot phishing attempts. Over half of employees said they were more error-prone while stressed, while 41% admitted that they made more mistakes when they felt tired. All told, the additional pressure brought on by world events resulted in 43% of the surveyed employees reporting that they had made mistakes resulting in cybersecurity repercussions for themselves or their company.
That’s a just one excellent reason for companies to embrace AI email security technology. AI doesn’t react to global events. It doesn’t experience fear, stress, exhaustion, or uncertainty. In tumultuous times, AI phishing protection is a must-have to prevent employees from being drowned in a wave of alarming, unexpected messages with too little time to make careful judgements. Choosing AI email security technology that learns your company’s communication patterns and continulously refines your protection means that your employees aren’t faced with making as many decisions in stressful times and your IT teams have one less potential trouble source to worry about – a boon to your cybersecurity.
Faster, Better, and Stronger Than a SEG
The biggest advantage with AI technology is that it never stops learning, so it’s constantly updating its knowledge of threats and potential trouble. This smart evolution enables AI-powered automated email security to catch more potentially problematic email than old-fashioned tools like a Secure Email Gateway (SEG). Unlike a traditional SEG, AI also doesn’t require complicated maintenance, complex integrations, or threat intelligence information from other sources to do its work. Making the switch to AI gives businesses the advantage of always-on, fast, smart, enduring protection without fuss, eliminating pain points for everyone in the company.
AI is the definitive answer to the problem of social engineering in cybercrime. Removing the human element from cybersecurity situations removes the chance of a negative outcome due to human error. By adopting modern, AI email security technology, companies can feel confident that they’ve put the best possible protection between their employee inboxes and phishing email.