'

Black Hat Fireside Chat: User feedback, AI-infused email security are both required to deter phishing

I recently learned all about the state-of-the art of phishing attacks – the hard way.

Related: GenAI-powered attacks change the game

An email arrived from the head of a PR firm whom I’ve known for 20 years asking me to click on a link to check out a proposal. Foolishly, I did so all too quickly. Within a few minutes, many of my contacts, and even strangers, were receiving a similar malicious email from me.

At Black Hat USA 2024, I visited with Eyal Benishti, CEO of IRONSCALES, an Atlanta-GA-based supplier of advanced email security systems. We discussed just how targeted and contextualized advanced phishing attacks, like the one I experienced, can be. For a full drill down, please give the accompanying podcast a listen.

Benishti explained how the anti-phishing protections from Google and Microsoft excel at blocking known threats but often struggle with threats that aren’t yet recognized as harmful. His observation correlates to the notion that GenAI is helping both the attackers and the defenders.

In this shifting landscape, it’s becoming very clear that difference maker is humans. Attackers are getting evermore adept at leveraging GenAI to exploit our distracted nature. More so than ever, companies need to continually train users to stay on high alert.

Quick reporting by well-trained users isn’t going to be enough. Legacy protections from Google and Microsoft typically take 72 hours to catch up, Benishti told me. He argues that human feedback must be tightly integrated into AI-infused defenses that are tuned to adapt in real-time to evolving threats.

This balancing act is just getting started. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

The post Black Hat Fireside Chat: User feedback, AI-infused email security are both required to deter phishing first appeared on The Last Watchdog.


Go to Source
Author: bacohido