Email security is often a cat-and-mouse game where cybercriminals utilize new phishing technologies and techniques to expose vulnerabilities and avoid detection—and 2023 was no different. Recent studies from Osterman Research shed light on the rapidly evolving threat landscape, particularly with the increase in BEC (Business Email Compromise) attacks and the use of AI in email security.
This post will highlight some of the report findings and show how drastically the phishing landscape has evolved in 2023 and how IRONSCALES stayed one step ahead of the attackers.
Phishing is more than just a data risk; it's a significant drain on resources. According to the Osterman Research report, The Business Cost of Phishing, dealing with a single phishing email takes an average of 27.5 minutes, translating to an average cost of $31.32 per email. The same report revealed that IT and security teams spend one-third of their weekly work hours dealing with phishing threats.
Unfortunately, the report also noted that two-thirds of organizations expect the phishing problem to worsen in the next year.
IRONSCALES stands as a crucial ally in anti-phishing by combining AI and human insights to deliver better protection against advanced phishing threats with adaptive AI, improve operational efficiency with intelligent automation, and empower the organization with built-in security awareness training and phishing simulation testing technology.
One attack type that gained momentum in 2023 was Business Email Compromise (BEC). These attacks, which research shows specifically targeted the financial and executive sectors of organizations, were anticipated to increase by 43.3% in the next 12 months, according to the Osterman Research report, Defending the Enterprise: The Latest Trends and Tactics in BEC Attacks. Our own IRONSCALES research revealed that from Q1 to Q2 2023, BEC attacks using “Senders with Multiple Display Names” rose by an alarming 73%.
What makes these types of attacks so popular is their profitability. Over the past few years, BEC schemes have drained billions from businesses, reaching a nerve-wracking $2.7 billion in losses in 2022 alone.
These attacks are not just limited to emails anymore; they're spreading their tentacles across various communication channels, including spear phishing emails, SMS, and social media, making them more elusive and dangerous.
To help counteract the success rate of these sophisticated BEC attacks, like spear phishing, IRONSCALES developed GPT-powered Phishing Simulation Testing to boost employee awareness of socially engineered attacks without the operational overhead. This technology utilizes our own PhishLLM to allow users to instantly generate highly personalized spear-phishing simulation campaigns to keep employees vigilant.
If 2023 could be summed up in two letters, it would be AI. ChatGPT launched at the end of 2022 but took off like a rocket in 2023. Over the next 12 months, every industry was impacted by this technology—including email security (for better and for worse). While many email security leaders, like IRONSCALES, already had AI phishing detection models, more and more cybercriminals were leveraging AI tools to craft and launch sophisticated phishing attacks, igniting the need for AI anti-phishing solutions. The Role of AI in Email Security, a study conducted in collaboration with Osterman Research, notes that nine out of ten organizations are stepping up their game by implementing AI-enabled email security solutions.
Neil Stein, the Senior Vice President of Technology Services at OrthoCarolina, notes, “With ChatGPT, the phishing emails we receive look remarkably convincing. IRONSCALES captures those threats effectively. If we didn’t have this tool on our side, it would be like shoveling against the tide, a fruitless effort. We couldn't do it. I have too many other responsibilities to keep up with all the phish that come through. IRONSCALES is indispensable.”