AI’s Impact on Credential Security: 5 Takeaways from Our Expert-Led Fireside Chat

Artificial intelligence (AI) has turbocharged phishing attacks, making past attempts look like amateur hour, said award-winning cybersecurity and AI expert Graham Cluley in a Dashlane-hosted fireside chat.

He was joined by Dashlane Chief Technology Officer Frederic Rivain to discuss how the cybersecurity landscape is evolving given the rise of AI and shadow IT, but the conversation about the dangers of AI stole the show.

This new technology can also be used as a means of defense as AI and machine learning (ML) tools can be trained to detect the red flags that indicate a phishing attack. As IT leaders prepare for the new age of AI, it’s essential to understand its impact on credential security. 

If you missed the fireside chat (or you’d like a refresher), check out these key takeaways. You can also watch the webinar replay to see the full conversation.

Phishing attacks are becoming more sophisticated as hackers are automating and tailoring messages using AI. According to our expert speakers, these attacks are not going away and IT leaders need to be prepared.

“Hackers use phishing attacks for one simple reason: They work,” said Cluley, adding that there are no longer obvious phishing red flags. “Any email could be a well-crafted fake.”

A report commissioned by Dashlane on the state of credential security supports Cluley’s argument, showing that 80% of IT leaders say phishing attempts are on the rise. Eighty-four percent also report an increase in the sophistication of these attacks. 

Dashlane CTO Frederic Rivain added that it’s essential that credential managers innovate towards phishing-resistant solutions.

“The reality is brutal, so we need to protect customers against today’s threats,” said Rivain. 

According to the report, 39% of employees use apps that are not managed by their company. This use of unauthorized apps, known as shadow IT, continues to expand the attack surface for hackers. And single sign-on (SSO) alone won’t prevent breaches as 37% of corporate apps are not behind SSO.

This larger attack surface means that IT leaders now need to deal with “shadow IT 2.0,” making their jobs even more difficult.

“Working in IT is already hard. Now it’s even harder with the increase of risk and the reduced visibility of threats,” said Rivain.

As shadow IT increases, organizations should invest in tools that provide visibility into unauthorized apps and secure them before they become vulnerable, helping to mitigate the risk of breaches.

The increasing sophistication and frequency of threats are increasing IT departments’ workload. This surge in responsibilities places more pressure on IT professionals, who are struggling to keep up.

The burden of these responsibilities is highlighted in our report, which found that 58% of IT practitioners report feeling overwhelmed by their daily tasks and responsibilities.

This statistic underscores the need for organizations to provide IT professionals with the necessary tools, resources, and support to effectively manage the threats, including poor password health. Without adequate support, IT professionals will continue to be overburdened, potentially leading to burnout, decreased productivity, and increased security risks.

Mandatory security training is one of the traditional methods used by IT leaders to educate employees on the importance of credential security, but, according to the report, employees actively avoid training sessions. 

This practice of simply informing employees about what actions to avoid is no longer sufficient. A paradigm shift is necessary, where security becomes an effortless and integral part of the organizational culture.

“Old fashioned security training isn’t cutting the mustard,” said Cluley. “Security needs to be as easy as possible and engrained into the workings of the organization.” 

At Dashlane, we believe that tools such as Nudges—real-time alerts in a familiar communication channel like Slack that encourage employees to update weak, reused, or compromised credentials—are one way to get employees to improve their security behaviors. In fact, our data shows that 75% of companies using Nudges saw improvement in password health.

Passwordless authentication offers a more secure and user-friendly approach to cybersecurity for the future, and it’s rapidly becoming mainstream.

By reducing the reliance on passwords, passwordless authentication methods help organizations protect against phishing and other cyberattacks. They can also reduce the need for time-consuming and tedious security training, simplifying security for employees while providing stronger protection against breaches. 

With the expansion of AI and shadow IT, credential security is more crucial than ever.  IT leaders must adapt to this new reality by adopting innovative solutions that not only protect against threats but also alleviate the burden on IT teams.  

Getting proactive with credential security and fostering a culture of security awareness are essential steps in fortifying organizations against the ever-growing threat of cyberattacks.