Three Enterprise Email Security Predictions To Help Your Team Prepare

Anticipating the Future: Three Enterprise Email Security Predictions to Bolster Your Team's Defenses


With 2023 now officially behind us, I think it’s safe to say that 2023 will be etched into the timeline of tech history as the year AI entered the mainstream. And what an entrance it made. Before the first month of 2023 had come to a close, ChatGPT had already become the fastest-growing consumer app of all time, having reached 100 million monthly active users just two months after its release.

Over the following 11 months, we saw not just ChatGPT but the very idea of artificial intelligence itself seep into almost every corner of our cultural consciousness—becoming the hot-button issue dominating discussions surrounding everything from education and employment to entertainment and copyright law.

I’m confident that it will be some years down the road before we’re able to fully grasp the significance of this moment in technological history. At the same time, however, it’s taken no time whatsoever for us to begin feeling its effects. And perhaps nowhere have those effects been felt more acutely than in the world of cybersecurity.


If 2023 Was The Year Of Generative AI’s Arrival, 2024 Will Be The Year It Makes Its Presence Fully Felt

Although the arrival of generative AI had significant, near-immediate effects on the cybersecurity landscape in 2023, we undoubtedly haven’t yet seen the full extent of those effects. As the technology matures, adoption grows, and bad actors become more adept at using the tools, we’re bound to see significantly greater impacts on the security landscape.

As hackers use AI to launch ever more sophisticated attacks with ever-increasing frequency and precision, organizations will have no choice but to fight fire with fire—adopting AI-enabled security solutions capable of detecting and deflecting these advanced threats, as well as freeing up their already over-extended SOC teams to get more done with limited time, talent and resources.


So, as the AI arms race accelerates, the IRONSCALES team foresees the following trends taking center stage in 2024:

1. 2024 will usher in the age of account-based phishing (ABP).

Generative AI will bring about a new generation of hyper-targeted attacks that will render traditional spear phishing obsolete.

As traditional anti-phishing defenses become markedly better at detecting things like malicious links and attachments, attackers are turning to generative AI to breathe new life into perhaps the oldest strategy in the book—social engineering. In simplest terms, social engineering seeks to convince targets to do things they wouldn’t otherwise do through psychological manipulation and confidence tricks. As such, these attacks are almost entirely language-based, and with generative AI, bad actors can generate much more effective messages with much greater frequency and targeting. Thanks to sites like LinkedIn and The Org, bad actors can now easily familiarize themselves with the organizational structures of different businesses and use that information to craft more convincing, targeted attacks. With this in-depth organizational info and increasingly customizable LLMs at hand, we will see a dramatic uptick in this form of “account-based phishing”—including more sophisticated business email compromise (BEC) attacks, VIP impersonation attempts, vendor email compromise (VEC) and even the use of AI agents for automated campaigns.

2. Image-based attacks, such as QR code phishing, will skyrocket.

Based on current trajectories, image-based attacks are on track to triple from 2023.

2023 saw a dramatic, unexpected uptick in the frequency and volume of image-based phishing attacks, most notably QR code phishing. From Q1 to Q3 of 2023, our own IRONSCALES platform saw a 215% increase in the use of malicious images in phishing emails. Based on the current trajectory, we expect this trend to continue well into the new year. This brand of phishing attack uses imagery, such as QR codes, reversed text, and, of course, everyday image files, as a way to sidestep newer, AI-enabled security tools that use NLP to detect threats through linguistic analysis. This surge in image-based attacks has been enabled by the rise of multimedia-based generative AI (genAI) tools, such as DALL-E and Midjourney, which allow users to generate completely original, professional-quality images in seconds. To prepare for the rising tide of image-based attacks, organizations should ensure these attacks are featured prominently in their ongoing security awareness training (SAT) efforts in 2024.
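As an added example (not from the original article and not IRONSCALES code), the following triage check flags messages that carry images but too little text for linguistic analysis, so they can be routed to OCR or QR decoding instead of being scored on text alone. The threshold, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

MIN_WORDS = 20  # assumed threshold: below this, text-only scoring has little to work with

# Constructed sample: a short HTML body plus one inline PNG (payload is a stub).
SAMPLE = """\
From: "IT Support" <helpdesk@example.test>
To: user@example.test
Subject: Action required
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Scan the code to sign in:</p><img src="cid:qr1"></body></html>
--b1
Content-Type: image/png
Content-ID: <qr1>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

def visible_words(msg):
    """Collect the words a text-based classifier would actually see."""
    words = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
            if ctype == "text/html":
                text = re.sub(r"<[^>]+>", " ", text)  # drop markup, keep visible text
            words += re.findall(r"[A-Za-z]{2,}", text)
    return words

def triage(raw):
    """Flag mail whose content sits in images rather than analyzable text."""
    msg = message_from_string(raw)
    images = [p for p in msg.walk() if p.get_content_maintype() == "image"]
    n_words = len(visible_words(msg))
    needs = bool(images) and n_words < MIN_WORDS
    return {"images": len(images), "words": n_words, "needs_image_analysis": needs}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A flagged message is not necessarily malicious; the flag only marks mail that a text-only classifier cannot meaningfully assess.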

3. Cybersecurity expertise will finally find a place in the boardroom.

No longer able to ignore the tumultuous threat landscape, businesses will make cybersecurity expertise a priority for senior leadership.

A recent study revealed that in 2023, only 12% of S&P 500 firms had board members with relevant cybersecurity credentials. Meanwhile, a similar study from the Wall Street Journal found that those members made up just 2.3% of the total directorship overseeing S&P 500 companies. Nevertheless, the research revealed that, despite the disheartening figures, there was a noticeable uptick in cybersecurity chops in corporate boardrooms from the previous year. With the relentless escalation in the frequency, magnitude and overall financial repercussions of cyberattacks annually, we anticipate that 2024 will witness a concerted push within boardrooms to fortify their cybersecurity proficiency. This proactive stance aims to prevent a frenzied scramble to address the void in the aftermath of a severe breach.

Understanding AI As A Leading Threat And A #1 Ally

As is true of all major technological advancements, AI’s arrival has evoked a wide array of opinions, ideas and emotions. And in my opinion, that’s a good thing. As is also true of all transformational technologies, AI has the potential to do a great deal of harm as well as good, and which of those two outcomes prevails will come down to how we, humans, make use of it. It will be determined by how carefully we consider the technology’s potential impacts and how thoughtful and rigorous we are in foreseeing and forestalling potential problems before they get away from us. I foresee this balancing act being central to the future of not only cybersecurity but also all of society, and that will undoubtedly remain true not only throughout 2024 but also into the foreseeable future.

© 2023 SRC Cyber Solutions LLP. All Rights Reserved.