Organizations Must Embrace Cybersecurity Resilience


Posted by Robert Ackerman

A couple of years ago, and perhaps not even that far back, it wasn’t difficult to spot a fraudulent email. Mistakes, such as poor grammar and spelling, were common. Emails also typically lacked personalization, using phrases such as “Dear Customer” instead of your name. Emails often pressured recipients to act quickly.

Even hyperlinks sometimes looked funny. URLs didn’t quite match what the hacker appeared to be communicating.

Today, many fraudulent emails look a lot different because AI-powered sophistication has substantially upped the game. Phishing emails look very similar to legitimate emails, and, increasingly, appear nearly identical. Grammar is virtually perfect, and content is personalized. Attackers can even mimic voices and create convincing videos to trick recipients. Bottom line, AI has made it much harder to spot fraudulent emails. If you’re ever unsure about an email, it’s best to err on the side of caution and contact the purported sender directly.

Traditionally, cybersecurity has looked only at how to lower cyber risks and protect an organization. Because of the explosion of artificial intelligence, a key development gathering increasing attention, this has become insufficient. What is now needed, and rapidly taking shape, is the buildup of cybersecurity resilience.

The fact is, cyberattacks inevitably occur. To ensure business continuity and minimize the impact of cyberattacks when they arrive, organizations must be prepared for the worst-case scenario. This means organizations must enable their employees to recover from cyber incidents swiftly and effectively and to minimize damage. These challenges must be addressed in spite of the eruption of remote work, rapidly evolving cyberthreats that can evade traditional detection methods, and hard-to-stop automated attacks at scale.

To counter their increasing vulnerability to sophisticated cyberattacks, it has become critical for organizations of all sizes to build robust defenses against AI-powered threats. For help, many of them are turning to the NIST Cybersecurity Framework, a voluntary set of guidelines created by the National Institute of Standards and Technology (NIST). The framework helps organizations of all sizes understand, manage, and reduce their cybersecurity risks by providing a structured approach to identify, protect, detect, respond to, and recover from cyberthreats.

A good example of the value of cybersecurity resilience occurred a few years ago when Maersk, the world’s largest container shipping company, was hit by a NotPetya ransomware attack, crippling its operations. Maersk was better protected than its competitors: its incident response plan (IRP) kicked into gear rapidly, and the company isolated affected systems and activated robust backups, enabling it to restore critical systems and data relatively quickly. Despite the disruption, Maersk was able to maintain essential operations, albeit with some delays, and thus kept goods moving.

Maersk also made a point of communicating with customers and partners, helping the company to maintain customer trust and preserve its reputation. Later, the company continued learning more and went on to strengthen its cybersecurity on multiple fronts, including enhanced employee cyber training.

Some cyber pundits contend that cyber resilience may actually be more important than cybersecurity itself. Cybersecurity is mandatory, yet inherently limited. On the other hand, resiliency is about keeping the lights on with no downtime. Strong cyber resilience will help an enterprise continue functioning even during the worst of times, as evidenced by the attack on Maersk. This is particularly important now because the average cost globally of a cyber breach last year soared to just under $4.9 million, a 10% increase and the highest total ever.

AI-powered cyberattacks are characterized by their ability to automate various stages of an attack, adapt in real-time to defenses, personalize attacks based on individual targets, and operate at high speed. This makes them significantly stealthier and more difficult to detect in comparison to traditional attacks. 

In addition to automation, here, briefly, are other key characteristics of AI-powered cyberattacks:

+ Efficient Data Gathering. The initial phase of every cyberattack is reconnaissance. During this period, cyber attackers will search for target assets and exploitable vulnerabilities. AI enables adversaries to drastically shorten the research phase.

+ Customization. Among the key capabilities of AI is data scraping. This occurs when information from public sources, such as social media sites and corporate websites, is gathered and analyzed. In a cyberattack, this information can be used to create highly personalized, relevant, and timely messages, the foundation for phishing and other attacks that leverage social engineering techniques.

+ Reinforcement Learning. AI algorithms learn and adapt in real time. In the same way that these tools continuously evolve to provide more accurate insights for corporate users, they also evolve to help adversaries improve their techniques or avoid detection.

+ Employee Targeting. AI can be used to identify individuals within an organization who are high-value targets. These are people who may have access to sensitive data, broad system access, or close relationships with other key targets.

One positive development is that cybersecurity budgets, which need more money to enhance AI, continue to grow. According to Gartner, these budgets reached $184 billion globally in 2024, up from $162 billion in 2023, and are projected to swell to $212 billion in 2025 and $294 billion in 2028. In addition, incident response plans, which had been growing slowly, are now growing faster, and companies are increasingly inclined to adopt advanced security solutions, such as AI-powered threat detection and Zero Trust architecture.

The upshot is that the continued growth of resilient cybersecurity is crucial but remains an ongoing challenge. While significant progress has been made, the constantly evolving threat landscape demands continuous innovation, investment, and adaptation to effectively address growing cybersecurity risks.

Contributors
Robert Ackerman

Founder/Managing Director, AllegisCyber Capital, & Co-Founder, cyber startup foundry DataTribe


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

