AI-Powered Phishing

AI-Powered Phishing and Social Engineering is Ramping Up: Cybersecurity Trends

The cybersecurity landscape is shifting dramatically, as AI-powered phishing and social engineering is ramping up in organizations today.

AI tools offer immense potential for good, but they are also empowering cybercriminals to launch more sophisticated and effective phishing attacks than ever. Key concerns include the proliferation of AI-powered phishing kits, the use of AI to generate highly personalized spear-phishing emails, and the development of deepfakes for social engineering purposes. Here are some of the trends that illustrate today’s challenge:

  • AI is fueling an explosion in credential phishing: According to KnowBe4, credential phishing attacks surged by 703% in the second half of 2024, largely driven by the availability of AI-powered phishing kits.
  • AI-powered phishing emails are succeeding: According to Malwarebytes, researchers have found that AI-powered spear phishing emails achieve click-through rates (CTR) of 54%, compared to those crafted by human experts. Not only that, but AI achieves this at a fraction of the cost and effort.
  • AI is circumventing existing safety measures: Existing safeguards designed to prevent AI models from being misused for malicious purposes are proving ineffective.
  • Deepfakes are being used for social engineering: According to Help Net Security, AI is being used to create highly convincing deepfakes, which can be weaponized for sophisticated social engineering attacks.
  • File-sharing services are also being exploited: File-sharing services are increasingly being exploited as a vector for phishing attacks, with phishing volume linked to file-sharing increasing 350% between June 2023 and June 2024.

Maybe none of these trends surprise you, but the numbers behind some of these trends are eye-opening. Awareness of AI-driven phishing and social engineering attacks is high, but organizations are still struggling to adapt their security strategies and effectively train employees to identify and avoid these threats.

What can your organization do to help combat these threats? Here are four ways to protect yourselves:

  • Security awareness training: Educate employees about the evolving nature of phishing attacks and how to identify them. This training needs to be periodic and address updates as the cyber landscape changes.
  • Advanced email security solutions: Implement solutions that utilize AI and machine learning to detect and block sophisticated phishing attempts. Fight AI with AI!
  • Regular security assessments: Conduct regular assessments to identify vulnerabilities and improve security posture.
  • Multi-factor authentication (MFA): I should add “duh!” to this one. 😉 MFA adds an extra layer of security and makes it more difficult for attackers to gain access to accounts. Every solution should provide an ability to implement MFA, and every organization should exercise those options – those who don’t are practically begging to be breached.

AI-powered phishing and social engineering is taking cyberattacks to a new level, and cybercriminals are just beginning to learn the potential of what AI can do to facilitate their attacks. You need to know as much as they do – and more – to maximize your ability to protect your organization.

So, what do you think? What is your organization doing to combat AI-powered phishing and social engineering threats? Please share any comments you might have, or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the authors and speakers themselves, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
