Intelligent CISO Issue 72 | Page 28

EDITOR’S question

DANIEL HOFMANN, CEO, HORNETSECURITY

The stark reality is that email, the primary channel for business communication, is also a hotbed for sophisticated cyberthreats. To minimise risk and alleviate stress, scrupulous security hygiene must be in place.

As Hornetsecurity has observed, malicious web links in emails have surged from 12.5% to 30.5% of all threats within the last year, confirming an escalating threat landscape. Phishing remains the main method of attack, now accounting for 43.3% of incidents. There has never been a more important time to implement a robust email security strategy, incorporating next-gen technology to protect against known and evolving attacks, be they in the form of ransomware, viruses, spear-phishing or zero-day attacks.
Enabling Multi-Factor Authentication (MFA) is another important step in enhancing defence, acting as an additional security layer to traditional passwords by introducing a compulsory second verification. While not 100% fool-proof, this approach can significantly reduce the risk of unauthorised access to email and other sensitive data, even in the event of compromised credentials. However, this is just a small part of a comprehensive strategy.
The adoption of Generative AI has had a seismic impact on the industry. While it provides organisations with advanced detection and response capabilities, it also presents alarming new opportunities for exploitation by cybercriminals. Hornetsecurity has been using AI-powered email filtering technology for a number of years to identify and block incipient, sophisticated or as yet unknown threats – and is part of the company’s commitment to continually adapt to the dynamic threat environment.
One particularly concerning application of AI by threat actors is the rise of Dark Web variants of Large Language Models (LLMs), such as WormGPT.
The technology automates threats both rapidly and with worrying authenticity, and crucially, exposes people without existing security awareness skills to great risk. Large-scale phishing scams can now be conducted by novice criminals in a targeted way, and LLMs can instantly translate texts to reach more international markets.
The rapid evolution of malicious AI attacks, including variants that automate and increase the sophistication of cyberattacks, requires a multi-faceted approach to company security encompassing both technical and human factors. The World Economic Forum identified that 95% of all cybersecurity incidents are caused by human error. Regular cybersecurity training is essential to empower employees to identify and mitigate potential threats – such as Hornetsecurity’s Security Awareness Service, which includes phishing simulations. A Zero Trust mentality must be in place, where everyone in the organisation scrutinises each email. Addressing the human element acts as a critical line of defence and helps convert an organisation’s weakest link into an ally in the battle against cyberattacks.
Lastly, proactivity is key for peace of mind. Far too many companies take action only after falling victim to an attack, where they learn about vulnerabilities once they’ve been exploited.
Generative AI has fundamentally altered the battlefield of cybersecurity – but a proactive, comprehensive approach to security that covers both technical and human vulnerabilities can be extremely effective.