A new report takes an exhaustive look at how cybersecurity professionals see the current and future state of attacks, and how well vendors are keeping up.
The role of artificial intelligence (AI) in cyber attacks and cyber defenses can be pretty confusing. On one hand, vendor claims about how their security solutions use machine learning, and on the other practical examples of how AI tools like ChatGPT (and even malicious AI tools like FraudGPT) are used to assist threat actors in creating more effective attacks.
But what’s the reality of AI in cyber attacks today?
A new report – The Role of AI in Email Security from security vendor SlashNext – aims to give you a cybersecurity professional’s perspective on the use of AI on both sides of the battle. Let’s start with AI being used in cyber attacks. According to the report:
- 91% of security practitioners have experienced email-based cyber attacks that use AI as part of the campaign
- 74% have experienced an increase in the use of AI in cyberattacks in the previous 6 months
- 84% believe cybercriminals will attempt to use AI specifically to circumvent email security technologies
What about the other side? Does AI need to be used in cyber defenses? According to the report:
- 97% of security practitioners believe AI will be moderately to extremely important within the next 12 months – a sharp increase from the 64% that found it as important 12 months ago.
- 92% feel it’s important for incumbent security technologies to include AI-enabled protections
But is it in use today? According to the report:
- 66% of organizations have implemented an AI-enabled email security solution in the last 12 months
- 14% are implementing one now
- The remaining approximately 20% don’t have an AI-enabled security solution in place.
My greatest concern is that, despite the true value of AI in cyber defenses, cybercriminals will continue to have the upper hand, being able to test their next evolution of attacks against current AI-enabled solutions. This makes it necessary for users to play a role in stopping attacks – something taught through continual new-school security awareness training.