91% of Security and IT Professionals Agree Cybercriminals are Already Using AI in Email Attacks, per Report from SlashNext and Osterman Research
August 2023 by SlashNext in partnership with Osterman Research
SlashNext released a report and whitepaper in partnership with
Research, a market research and consulting firm. The report, titled “The
Role of AI in Email Security,” includes data from a recent survey of U.S. tech and security leaders at organizations of at least 1,000
employees, and sheds light on their views of how AI is being weaponized by cybercriminals in email and other messaging-based attacks, and how they are preparing to defend their organizations against these attacks using AI-enabled security solutions.
The report reveals that 91% of respondents either agreed or strongly agreed that cybercriminals are already using AI in email attacks targeting their organizations,
with 74% indicating they have experienced an increase in the use of AI by cybercriminals in the past six months. Similarly, 88% of respondents believe cybercriminals will continue to innovate in their use of AI in these types of attacks going forward. This
strongly echoes what security experts and researchers have been warning since ChatGPT became publicly available just a few short months ago, and spinoffs of ChatGPT developed with malicious intent, such as
entered dark web forums.
“Protecting email has always been a top security concern for businesses given its inherently insecure nature and the incredible access it can offer an attacker
should they succeed in compromising a user’s account,” said Patrick Harr, CEO, SlashNext. “However, email is not the only channel cybercriminals use to target employees. The
shows rapidly increasing rates of attacks on mobile devices and other messaging channels such as Slack, LinkedIn, Microsoft Teams, and
this study by Osterman Research demonstrates that security and IT professionals are actively seeking security solutions that offer protections to these channels as well.”
Additional key data points from the report include:
25% of respondents indicated email security is their top concern, with another 52% indicating it is among their top three concerns.
Email provides access to almost everything else within an organization, and from its early inception was not designed to be inherently
secure – this has made it both a prime target for bad actors and an incredibly difficult attack surface to defend.
The percentage of respondents ranking AI as “extremely important” to their email defenses has increased more than fourfold over the
past 12 months, and a total of 92% of respondents currently rate it as moderately or extremely important.
90% of respondents confirmed they have implemented an AI-enabled email security solution beyond what is offered by their cloud email
After adopting AI-enabled security solution(s), four out of five organizations observed improved efficacy in detecting multiple types
of threats in email (e.g. targeted spear phishing, BEC, account compromise of internal employees, malicious attachments and URLs, etc.), even as threat actors have changed their attack methods.
83.7% of respondents said the ability to protect other communications applications in their ecosystem (e.g. Teams, SharePoint, Zoom,
Slack, etc.) was moderately or extremely important when evaluating AI-enabled email security solutions
“Our research clearly demonstrates a critical need for organizations to protect more than just email – IT and security leaders are focused on their complete attack surface and recognize
the increasing threat of malicious messages reaching employees via other communication and collaboration tools such as SharePoint, Slack, Zoom and Teams,” said Michael Sampson, Principal Analyst, Osterman Research. “What’s more, our research indicates that
these IT and security leaders view specialized AI-based solutions as key to their current and future defenses when it comes to email and multi-channel security. The security community is clearly embracing the idea that we must fight AI with AI.”
The Osterman Research report was sponsored by SlashNext, Abnormal Security, IRONSCALES, KnowBe4, Mimecast, Perception Point and SonicWall. Read “The