IBM's report indicates that 16% of data breaches involved AI tools, often for social engineering attacks at service desks. This trend makes it essential for organizations to improve identity verification processes to protect sensitive operations from AI-enabled impersonation.
Service desks are prime targets for social engineering attacks because attackers can often gain access without bypassing technical controls. IBM's 2025 Cost of a Data Breach Report indicates that 16% of studied breaches involved attackers utilizing AI tools, primarily for phishing and deepfake impersonation, highlighting serious implications for service desks.
AI contributes significantly to the tactics employed by malicious actors. For instance, it allows attackers to create credible-looking requests, which can mislead service desk agents into granting access to sensitive information. High-profile incidents at companies like M&S and MGM Resorts began with attackers posing as legitimate users, showing how effective AI-generated impersonations can be.
Onboarding new employees leaves organizations particularly susceptible to AI-driven attacks. Many companies lack familiarity with new hires, increasing the risk of social engineering. Attackers can easily present themselves as new employees, making urgent requests that service desk agents may feel pressured to fulfill without thorough verification.
To combat the growing threat posed by AI-enabled abuse, organizations need to implement stronger identity verification methods. This could involve multi-factor authentication and protocols to confirm the identity of individuals requesting sensitive access or changes. The growing sophistication of AI means that traditional methods may no longer be sufficient to protect sensitive data.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
IBM's report indicates that 16% of data breaches involved AI tools, often for social engineering attacks at service desks. This trend makes it essential for organizations to improve identity verification processes to protect sensitive operations from AI-enabled impersonation.