Roundtable Discussion – Moving into AI-Powered Email Security in 2024

Celeste Lowe, General Manager Cyber Security, Ventia (previously Group Director IT Security at Nine)

Security teams are stuck in a cycle of investigating endless support tickets for phishing emails and Business Email Compromise attacks. Meanwhile, the threat continues to grow, with Australian businesses reporting losses of nearly $100M to BEC alone in 2022. To combat attacks that are increasing in both volume and sophistication, a whole new industry of user awareness training and phishing simulation has arisen, a market expected to grow from $5.6 billion globally in 2023 to $10 billion by 2027. But threat actors are staying a step ahead, now leveraging generative AI to create even more realistic attacks to fool your employees.

Trying to stay one step ahead by looking for traditional indicators of compromise is a fool’s errand, especially as AI changes the game. So what can be done? How do we stop ever-evolving email attacks from bypassing the SEG? And is user awareness training still your only saviour in the coming year?

Talking Points for group discussion:

1. What strategies are being deployed, from both a technology and a process perspective, to combat exposure to financial losses through email threats, and how effective are our current security tools at detecting new threats without IOCs?
2. How successful have user awareness training programs been in enabling employees to correctly identify malicious and fraudulent emails?
3. Have you ever felt like the board or CEO would sack you after a breach? What if the email that led to the breach was allowed in by your SEG? Would you sack your SEG?
4. What types of security are needed to prevent AI-generated attacks from reaching you?