The role of AI in email security

Email remains the most common initial attack vector for cybercriminals. Infiltrating an organisation via an email-based attack can happen at any level — phishing is not only targeted at the C-suite. Once attackers have got an individual’s credentials then they can gain access. Once inside the network with one set of credentials, attackers can more easily move laterally and gain more permissions and fuller access. Even access to an employee’s mobile can be escalated into wider network access.

Early email fraud messages were often badly written and frankly unbelievable. Criminals relied on a ‘spray and pray’ approach — sending out thousands of messages in the hope that a few would stick. Traditional gateway defences are quite adept at dealing with these high-volume attacks. Barracuda’s own data shows that 16% of all email traffic is this sort of high-volume attack such as spam, malware, and other emails with a malicious payload. You still need gateway defences to stop these attacks as they remain a real danger.