As AI-Powered Phishing Gains Steam, Organizations Use Password Managers to Combat Threats

BOSTON--(BUSINESS WIRE)--More than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to a new social engineering survey conducted by LastPass, a leader in password and identity management solutions.

Recent advancements in artificial intelligence (AI), particularly generative AI, have empowered cyber criminals to coordinate social engineering assaults with unprecedented precision and customization. Phishing and other types of social engineering attacks manipulate people into sharing information they shouldn’t or making other mistakes that compromise their personal or organizational security.

Key findings from the survey:

• AI impact: More than 95% of respondents believe dynamic content through Large Language Models (LLMs) is making the detection of phishing attempts more challenging.

• Phishing threat: 81% of reporting businesses have seen an increase in phishing attacks in the past year. Phishing is projected to remain the top social engineering threat to businesses throughout 2024, surpassing other threats like business email compromise, vishing, smishing or baiting.

• Phishing testing programs: While 88% of respondents feel confident in their phishing testing programs, only 16% of users actually identify 75-100% of suspicious activity within these phishing testing programs. This difference points to a potential disconnect between their confidence and the actual effectiveness of the programs.

• Passkeys for resilience in the future: 78% of participating organizations recognize that replacing passwords with passkeys will enhance resilience against social engineering. Additionally, 96% of respondents plan to adopt passkeys, and many organizations are actively working to migrate employees away from passwords to mitigate social engineering risks.

• Password managers for resilience now: 61% of respondents use a password manager to prevent user credentials from being exposed via social engineering.

“In the evolving landscape of AI-fueled social engineering attacks, our security practices must be just as adaptable as the threat itself,” said Alex Cox, director of threat intelligence at LastPass. “It’s clear that IT and security leaders recognize the salience of this threat, as well as the ultimate solution to safeguarding their businesses’ data: a security future that is free from passwords.”

Password management: Measures to protect against social engineering

Social engineering attacks are so popular because they are comparatively easy to execute with a high success rate. Businesses can more successfully deter social engineering threats by understanding the nuances of prevalent attacks like phishing, baiting, business email compromise, and pretexting and educating employees accordingly. Implementing proactive measures including password managers, MFA and SSO, as well as empowering employees with knowledge, and fostering a security-conscious culture are essential to safeguarding the business.

To download the ebook, click here. An infographic of the survey results can be found here.

Survey methodology

LastPass commissioned the market research firm Lab42 to reveal the current state of password behaviors in the new era of remote work. The responses were generated from a survey of 1,000 professionals at organizations across a variety of industries in the U.S., United Kingdom, France, Germany, and Australia. The survey asked the professionals surveyed about their feelings and behaviors regarding online security. The results point to a disconnect between their confidence and the actual effectiveness of the program.

About LastPass

LastPass is an award-winning password manager which helps millions of registered users organize and protect their online lives. For more than 100,000 businesses of all sizes, LastPass provides password and identity management solutions that are convenient, easy to manage and effortless to use. From enterprise password management and single sign-on to adaptive multi-factor authentication, LastPass for Business gives superior control to IT and frictionless access to users. For more information, visit https://lastpass.com. LastPass is trademarked in the U.S. and other countries.