Global Security Forum

 View Only
  • 1.  Who is better at phishing - humans or AI

    User Group Leader
    Posted Tue October 24, 2023 02:22 PM
    Edited by Wendy Batten Wed November 01, 2023 12:27 PM


    IBM Chief People Hacker, Stephanie Carruthers
    , launched a phishing test at a global health provider to answer this question and explore the potential impact of AI on social engineering attacks today and tomorrow.

    Find out the final results in her blog here. 



    ------------------------------
    Wendy Batten
    Community Manager
    IBM Security
    wjbatten@us.ibm.com
    ------------------------------



  • 2.  RE: Who is better at phishing - humans or AI

    Posted Wed November 01, 2023 12:10 PM

    Sounds like a very cool experiment to the least, but when I try to open the blog I get an error 404..



    ------------------------------
    Dobrin Georgiev
    ------------------------------



  • 3.  RE: Who is better at phishing - humans or AI

    User Group Leader
    Posted Wed November 01, 2023 12:29 PM

    Thank you for sharing, blog link has been updated. 



    ------------------------------
    Wendy Batten
    Community Manager
    IBM Security
    wjbatten@us.ibm.com
    ------------------------------



  • 4.  RE: Who is better at phishing - humans or AI

    Posted Tue November 14, 2023 05:40 AM
    Edited by Jose Arias CISSP, ITIL, DORA Tue November 14, 2023 10:39 AM

    Thanks @Wendy Batten

    A critical takeaway from the article is the alarming rate at which AI is empowering phishing attacks. AI's ability to analyze vast amounts of data and mimic human behavior has led to more personalized and convincing phishing attempts. This evolution necessitates a shift in how cybersecurity is approached, with an emphasis on advanced detection systems and increased awareness training for users.

    This piece really underscores a kind of cat-and-mouse game in cybersecurity. It's like as soon as we get wise to their tricks, hackers find a new way to up the ante, especially with AI in their toolkit. It makes you think – maybe the real key in staying ahead isn't just in the tech we use but in understanding the human factor behind these attacks. Keeping people informed and alert might just be our best defense against these increasingly clever phishing scams.



    ------------------------------
    Jose Arias
    ------------------------------



  • 5.  RE: Who is better at phishing - humans or AI

    User Group Leader
    Posted Tue November 14, 2023 12:08 PM

    Thank you, @Jose Rodriguez

    I appreciate your input. Have you thought about joining our IBM Champions program. We would love to have you. Learn more here:

     

     

    Many thanks.

     

     

    ___________________________________________________
    Wendy Batten
    IBM TechXchange, Community Manager
    Security + Cloud
    wjbatten@us.ibm.com
    IBM 

    For IBMers: Access W3 for help with TXC Communities
    FAQ Security Community
    FAQ Cloud Community






  • 6.  RE: Who is better at phishing - humans or AI

    Posted Tue November 14, 2023 02:35 PM

    @Wendy Batten I think you made a mistake with my name It's Jose Arias :)
     
    I have a couple of questions about the program, I write you by personal message


    ------------------------------
    Jose Arias
    Mainframe Security Specialist

    Mainframe Blog in Spanish: https://mainframeseguro.blogspot.com/
    ------------------------------



  • 7.  RE: Who is better at phishing - humans or AI

    IBM Champion
    Posted Wed November 15, 2023 07:56 AM

    Jose (your name or user name does not come up in the directory) but you make a great point though - especially because some of the attacks that come up are not really easily dealt with by "security awareness" and just "staying informed" because just keeping the tools up to date against genAI that can generate polymorphic malware that can change its appearance away from fixed code patterns through genAI is difficult for signature-based detection.  Moreover phishing that can dynamically alter its own attack patterns to bypass detection tools make traditional static detection sort of obsolete, and many of the "heuristic" and "annealing" systems I have seen in demos are just not there yet.



    ------------------------------
    Weiyee In
    ------------------------------



  • 8.  RE: Who is better at phishing - humans or AI

    Posted Wed November 15, 2023 10:10 AM

    @Weiyee In Thanks for letting me know... not sure if @Wendy Batten can do something with that.

    Thank you for your insightful comment. You make an excellent point, particularly in highlighting the limitations of traditional cyber threat detection methods in the face of advanced polymorphic malware generation and dynamic phishing techniques. As you rightly pointed out, many heuristic and annealing systems, although promising, are still in their nascent stages and may not fully meet the demands of this new landscape.

    This situation opens up a valuable discussion on the integration of advanced artificial intelligence and machine learning in cybersecurity.

    It's a reminder that in the field of cybersecurity, we must always be learning, adapting, and staying ahead of the curve.



    ------------------------------
    Jose Arias
    Mainframe Security Specialist

    Mainframe Blog in Spanish: https://mainframeseguro.blogspot.com/
    ------------------------------