In the reflection box below, answer the following questions based on your threat scenario.
- How did AI detect this threat?
- What mitigation strategy does AI recommend?
- How would this threat have been handled without AI?
This discussion question is from the Self-Paced Professional Learning for Teaching the Fabric of the Internet and AI.
I like how this compared the traditional response to an AI response.
Traditional Response:
- Manual Review: Security teams would manually review the flagged email. This involves checking the email headers, sender information, and any links or attachments included in the email.
- User Reports: IT staff often rely on users to report suspicious emails, which can lead to delays in detection and response.
- Spam Filters: Organizations utilize spam filters and blocklists to catch known phishing attempts, but these methods may not catch new or sophisticated phishing attacks.
- Employee Training: Regular training sessions are conducted to educate employees on recognizing phishing attempts, but this relies heavily on user awareness and vigilance.
AI-Powered Response:
- Pattern Recognition: AI analyzes the subject line and body of the email for common phishing indicators, such as urgency, requests for sensitive information, and the use of alarming language (e.g., “URGENT”).
- Domain Analysis: AI checks the sender’s domain against known legitimate domains and looks for slight variations (e.g., typos or unusual domain extensions) that are often used in phishing schemes.
- Link Inspection: AI inspects any embedded links to determine if they lead to malicious sites. It checks the URL structure and compares it against a database of known phishing URLs.
- Behavioral Analysis: AI uses machine learning to analyze the email’s characteristics in the context of historical data, identifying patterns and anomalies that suggest phishing.
- Real-Time Alerts: Upon detection, the AI can immediately quarantine the email and alert users with warnings, providing guidance on what actions to take (e.g., “Do not click on any links”).
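The pattern-recognition, domain-analysis, link-inspection and quarantine steps listed above, worked as a small rule-based scorer (an added example, not code from the course or the post). The legitimate-domain set, the known-phishing host list, the urgency word list, the quarantine threshold and both sample emails are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed reference data (assumed, not from the post).
LEGIT_DOMAINS = {"example.com", "payroll.example.com"}
KNOWN_PHISHING_HOSTS = {"login-verify.example-secure.net"}
URGENCY_WORDS = {"urgent", "immediately", "verify", "password", "suspended"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small distance to a legitimate domain flags a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_email(sender: str, subject: str, body: str) -> dict:
    """Return a score, the reasons behind it, and the action the mail gateway should take."""
    reasons = []
    text = f"{subject} {body}".lower()
    # Pattern recognition: urgency and credential-request language in subject/body.
    hits = sorted(w for w in URGENCY_WORDS if re.search(rf"\b{w}\b", text))
    if hits:
        reasons.append(f"urgency/credential language: {', '.join(hits)}")
    # Domain analysis: sender domain not legitimate but within two edits of one.
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain not in LEGIT_DOMAINS:
        near = [d for d in LEGIT_DOMAINS if edit_distance(domain, d) <= 2]
        if near:
            reasons.append(f"look-alike sender domain {domain} ~ {near[0]}")
    # Link inspection: every URL's host checked against the blocklist and the legit set.
    for url in re.findall(r"https?://[^\s\"'>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if host in KNOWN_PHISHING_HOSTS:
            reasons.append(f"link to known phishing host {host}")
        elif host and host not in LEGIT_DOMAINS:
            reasons.append(f"link to unrecognised host {host}")
    score = len(reasons)
    # Real-time response: two or more independent indicators triggers quarantine (assumed threshold).
    action = "quarantine and warn user" if score >= 2 else "deliver"
    return {"score": score, "reasons": reasons, "action": action}
```

A single indicator (one unknown link in an otherwise normal mail) is deliberately below the threshold, which keeps false positives down at the cost of needing a second signal for borderline cases.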