As cybercriminals increasingly use AI to
launch more sophisticated and effective attacks, security leaders
must adapt with new forms of training
LOS
ANGELES, June 19, 2024 /PRNewswire/
-- NINJIO, an industry-leading cybersecurity awareness
training company, has released its latest report: "The
CISO's Guide to AI-powered Social Engineering." With the rapid
proliferation of AI applications such as large language models and
deepfakes, cybercriminals have never had more tools to deceive and
manipulate employees. The report covers how CISOs and other
cybersecurity leaders can prepare the workforce for AI-powered
phishing attacks, deepfakes, and other new cybercriminal
tactics.
AI has made it easier for cybercriminals to launch advanced
social engineering attacks because they don't need advanced
language skills or technical ability. Cybercriminals can produce
convincing spear phishing messages at scale, carry out multi-level
social engineering attacks with deepfakes, and use AI to conduct
surveillance on potential victims. It's the CISO's responsibility
to ensure that employees are aware of these tactics.
"CISOs can't afford to be reactive when it comes to AI-powered
social engineering," said Zack
Schuler, Founder and Executive Chairman of NINJIO. "The
threat is already here, and security leaders must remain one step
ahead of ever-shifting cybercriminal tactics. The latest NINJIO
report demonstrates how cybersecurity awareness training can adapt
to the evolving cyberthreat landscape with real-world examples of
AI-powered cyberattacks and individual behavioral interventions
that will help employees address psychological
vulnerabilities."
There are three main takeaways from the report:
1. AI has permanently changed the
cyberthreats companies face.
AI has reduced or eliminated the barriers to entry for
personalized social engineering attacks. For example, phishing was
already among the most common and financially destructive
cyberattacks, and AI-enabled tools like LLMs and deepfakes will
make these attacks even more effective. By enabling cybercriminals
to create polished and personalized phishing content — and even
follow up on this content with deepfaked "confirmation"
communications — AI gives a more threat actors the ability to
launch sophisticated cyberattacks that have a much greater chance
of success.
2. Cybersecurity awareness training
must adapt to the AI era.
Thanks to AI, it has never been more difficult for employees to
distinguish between real and malicious content. Over two-thirds of
successful breaches already involve human beings, and AI makes
social engineering attacks even harder to detect. CISOs and other
security leaders must help employees adapt to these changes by
explaining real-world cyberattacks such as deepfaked robocalls and
LLM-generated phishing messages. Employees can no longer rely on
red flags like misspellings and other errors. They must be capable
of identifying coercive language, a sense of urgency, and other
signs of psychological manipulation.
3. CISOs must maximize the impact of
cybersecurity awareness training.
While the threat of AI-powered social engineering is
intimidating for employees, the right cybersecurity awareness
training can empower them to keep their organizations safe. Beyond
concrete examples that demonstrate how much damage AI social
engineering can cause and how these attacks can be resisted,
security leaders must ensure that training is personalized and
accountable. By developing unique behavioral profiles for each
employee, security leaders can address psychological
vulnerabilities and track performance across the organization.
At a time when AI-powered social engineering attacks are
surging, an organization-wide focus on preventing these attacks has
never been more vital. To learn more about how security leaders can
help employees adapt to the AI era, download the full report
here.
About NINJIO
NINJIO is a cybersecurity awareness training company that lowers
human-based cybersecurity risk through personalized and engaging
training and phishing simulations. The NINJIO platform uses data on
individuals' emotional vulnerabilities, learning styles, and
security behavior to develop personalized learning plans that help
organizations improve cybersecurity behavior. Our multi-pronged
approach to training focuses on the latest attack vectors to build
employee knowledge and the behavioral science behind social
engineering to sharpen users' sensibilities around
cybersecurity.
Press contact:
Tom Richards:
trichards@NINJIO.com
Phone: 805-864-1999
View original content to download
multimedia:https://www.prnewswire.com/news-releases/new-ninjio-report-provides-insights-on-rapidly-growing-threat-of-ai-powered-social-engineering-302176177.html
SOURCE NINJIO