Cloud-based ERP platforms like Microsoft Dynamics Business Central SaaS offer many benefits, including eliminating hosting costs, subscription-based pricing, and continuous updates each month that add functionality. The Microsoft Power Platform’s no code/low code tools can also extend functionality to your BC SaaS environment without extensive programming.

A no-code/low-code approach can also be used for cyber attacks. The AI-based tool ChatGPT is getting much attention lately due to its ability to learn and generate content based on simple inputs. ChatGPT’s underlying technology is a natural language processing or natural language generation (NLP/ NLG) that can easily mimic written or spoken human language and can also be used to create computer code.

Phishing attacks are still the most significant cybersecurity threat to businesses. The 2022 Proofpoint State of the Phish report shows that 83% of organizations suffered a successful email-based phishing attack in 2021, and 78% of companies faced a ransomware attack sourced from a phishing email.

The bottom line is that AI phishing attacks are becoming more sophisticated since they require less programming skill and ability, making a non-technical hacker more dangerous. ChatGPT can answer questions, generate content, and understand multiple programming languages. Combining this technology with hackers gaining more access to systems, bad actors can gather more data and create much more phishing content in an environment.

Traditional phishing attacks lure users into opening emails via links and images. However, most of these attacks can be spotted easily due to typos, email address from lines, fake logos, or grammatical errors. Other traditional phishing methods include session hijacking, search engines, and content injection.

What Does AI Phishing Look Like?

So what does an AI phishing attack look like in your inbox or workspace? AI phishing attacks could appear via a Microsoft Teams phone call from your manager, where your manager’s voice has been mimicked, and they want critical company information. Other attempts could include requests from your "IT department,” or a comprehensive, highly technical email that looks authentic based on recent work in your environment.

The objective of cyber attacks in 2023 is for bad actors to infiltrate networks and live there, systematically gaining user information and content.  While the days of traditional phishing and “free” gift cards or bulk spam messages are still here, AI-based phishing attacks are targeting users.

Employing a Zero Trust Framework to Minimize AI Phishing Attacks

Employing a Zero Trust security framework is crucial for midsize businesses. This security framework understands the realities of a distributed workforce — remote work — and focuses on these three principles: verify users explicitly, use least-privileged access, and assume breach.

“When you have a user that authenticates to a cloud app, you don’t just trust them to connect and get right in,” said Matthew Schmider, Technical Sales Consultant at ArcherPoint. “You always must verify who they are and provide the least number of privileges (access) to let them do their job. A Zero Trust framework is a whole new paradigm within security.”

Below are three ways to improve your company’s security using a Zero Trust framework.

  1. Improve the security of vulnerable employee devices
    • Remote working is here to stay, and endpoint security is a process where policies are developed to help supervise and authenticate access rights of endpoint devices to a network to prevent threats due to exposure.
  2. Implement monitoring and logging technology
    • Remote monitoring for your servers and IT ecosystem ensures that no surprises will cause your system to go down. It’s proactive and notifies IT of an issue that can or will affect performance or function.
  3. Enforce multi-factor authentication (MFA) and Password Managers
    • MFA creates a process that requires anyone trying to access your system to verify who they are through another process than just typing a password.

Cyber awareness training during onboarding is another best practice to ensure your employees know the latest phishing attacks and the inherent risks with outside networks.

Make Sure Your Business is Focusing on Security

As your company begins to look deeper at cybersecurity best practices, make sure you have all the correct information. ArcherPoint’s IT Managed Services division provides numerous cyber security offerings, including cyber insurance qualification assistance, endpoint security management, remote monitoring, disaster recovery services, and data security services. Contact ArcherPoint to get your questions answered today!

The post Low Code, AI-based Phishing Attacks Are on the Rise appeared first on ERP Software Blog.