Generative AI Tools Are Fueling a Steep Rise in Phishing E-mails. They Can Also Help SMBs Stop the Onslaught.

The past 18 months have seen awareness and implementation of generative AI tools skyrocketing, with some estimates suggesting that nearly 75 to 80 percent of Fortune 500 companies are already integrating the technology into their business operations to some degree. The most popular of these tools, ChatGPT, has garnered more than 180 million users since its launch in November 2022.

Small and medium-sized businesses are increasingly turning to these applications as well, as they look to streamline customer service, enhance lead generation, and improve marketing materials, among other benefits.

But as often happens with paradigm-changing technologies, adoption by one group of users may be outpacing everyone else: criminals.

According to cybersecurity firm SlashNet, there has been a 1,265% increase in malicious phishing e-mails since the fourth quarter of 2022 – a stunning increase that can be directly tied to the advent of widely-available generative AI tools.

What’s even more concerning is that generative AI is not just accelerating the quantity of malicious attacks – it is also dramatically transforming the quality of phishing efforts. The impact can be seen both on the front end (the sophistication and clarity of the messages received by unsuspecting users) and the back end (facilitating rapid changes and variations in malware coding that make phishing efforts harder to detect).

Unfortunately, generative AI is helping to rapidly eliminate so many of the red flags that once tipped us off to bad actors: frequent misspellings, poor grammar, incorrect names and the like. Ever more frequently, these phishing attacks accurately mimic the language and tone of “official” communications, and can easily be customized to specific recipients, making it harder than ever to detect fraudulent e-mails.

There are, however, steps that every small and medium-sized business can take to minimize the risks that they face.

As always, the most powerful tool remains education and training. Not once, nor twice, but constantly. Literally any employee that has access to an organization’s IT systems needs frequent reminders of the risks posed by phishing and similar attacks as well as training on how to recognize and avoid traps placed by bad actors.

Education and training provide the foundation for creating a culture of security awareness. Companies with this mindset talk about the risks openly – the very real costs associated with crippled operations, financial losses, and damage to brand image, among others – and recognize and reward employees who identify and take steps to avoid cyber-intrusions.

While culture is one powerful line of defense for SMBs, technology is also a vital part of the solution. The good news is that the same tools that can pose a threat to a business are also the ones best suited to protecting them.

Today’s best security software applications deploy AI and machine learning to constantly monitor, detect and block phishing attempts as they evolve in real time. Many managed service providers (MSP) that support SMBs employ these advanced tools.

These developments may seem overwhelming for SMBs wishing to focus solely on core business issues such as customer engagement and growing market share. But understanding and addressing the threats posed by cyber-crime are just as essential to running a successful business.