Does AI lead to increased phishing attacks?

Over 6 in 10 companies impacted by ransomware attack from software supply chain partner, finds report

Does AI lead to increased phishing attacks?

The use of artificial intelligence (AI) in the workplace is leading to more cyberattack troubles for employers, according to a recent report.

Overall, 45% of both small and medium-sized businesses (SMBs) and large enterprises have seen a rise in phishing attacks due to an increased use of AI, reports OpenText.

And among those who experienced a ransomware attack, 69% have observed an increase in phishing attacks due to the increased AI usage.

Overall, 48% SMBs and enterprises have experienced ransomware attacks, and 73% have experienced ransomware attacks in the last year. Among them, a little less than half (46%) paid the ransom: 31% of their ransom payments were between $1 million and $5 million.

At the same time, almost all (97%) successfully restored their organization's data.

"SMBs and enterprises are stepping up their efforts against ransomware, from assessing software suppliers to implementing cloud solutions and boosting employee education. However, the increase in organizations paying the ransom only emboldens cybercriminals, fueling more relentless attacks," says Muhi Majzoub, executive vice president and chief product officer, OpenText.

A recent report revealed the "widespread and severe" concerns of IT professionals over the cybersecurity threat posed by deepfake technologies.

Attacks originating from a software supply chain partner

Among SMBs and enterprises who experienced cyberattacks, many of the incidents are not coming from just anywhere, finds OpenText’s survey of 1,781 c-level executives, security professionals and security and technical directors from SMBs and enterprises in the United States, the United Kingdom, Australia, France, Germany and India from Aug. 23 to Sept. 10, 2024.


Source: OpenText

These attacks persist even though almost three-quarters (74%) have a formal process for assessing the cybersecurity practices of software suppliers. And 26% still do not have this kind of process in place.

Also, 91% of respondents require employees to take security awareness and phishing training, and 66% conducted training at least quarterly. In 2023, only 39% conducted training once per quarter.

"Businesses must proactively defend against sophisticated threats like supply chain vulnerabilities and AI-driven attacks, while ensuring resilience through data backups and response plans, to avoid empowering the very criminals seeking to exploit them,” says Majzoub.

In 2024, 62% of SMB respondents are investing more in cloud security, up from 56%  in 2023.

Nine in 10 (90%) of employers are planning to increase collaboration with software suppliers to improve security practices in the next year, according to the report.
One in five Canadian businesses have fallen prey to payment fraudsters this year, according to a separate report. That is higher compared to the 13% of consumers who have been victims of the scheme, reports Payments Canada.