With hackers now using generative AI to create near-perfect phishing emails, our traditional filters are failing. I'm seeing a massive spike in highly personalized social engineering. How are you all adapting your employee training or tech stack to counter these Cybersecurity Trends without causing massive alert fatigue for the IT team?
3 answers
We recently integrated an AI-based email security layer that looks at communication patterns rather than just metadata. It has been a game-changer because it flags "tone shifts" in emails from executives. We also shifted our training from monthly videos to "live" simulations that mimic these new AI styles. It’s definitely a challenge because the attackers are moving faster than the software updates. My advice is to focus on identity verification protocols rather than just looking for typos, as grammar is no longer a reliable indicator of a scam in the current landscape.
That sounds sophisticated, but does that new layer slow down your mail delivery or cause too many false positives for the sales team?
We started using hardware security keys for all employees. If they can’t use a password alone, the phishing attempt fails even if they click the link.
Hardware keys are definitely the gold standard right now. It removes the human error element almost entirely from the login process.
It actually hasn't been too bad on the speed side, Kevin. The main issue was the initial week of "learning" where we had to whitelist some external vendors. Once the baseline was established, the false positives dropped significantly, and it’s much better than a breach.