Q&A: Barracuda Networks On AI-Driven Email Scams & The Importance Of Multi-Layered Email Defenses

“Attackers are using AI to craft highly personalized and convincing phishing attacks, making it harder for traditional defenses to detect threats,” says Olesia Klevchuk, the Director of Product Marketing at Barracuda Networks.

Barracuda Networks is a leading security provider, offering a suite of email, network, data, and application security tools for more than 150,000 organizations and MSPs globally. Klevchuk focuses on defining how organizations can protect themselves against advanced email threats, spear phishing, and account takeover.

As email threats continue to be one of the significant causes of data breach, we reached out to Klevchuk for a Q&A on the state of the email security threat landscape and what trends she expects to see in the email security space in 2025.

Q. What are the biggest challenges facing organizations in the email security space today, and how are threats evolving?

Sophisticated threats: The volume and complexity of phishing, Business Email Compromise (BEC), and account takeover attacks are on the rise, with increasingly sophisticated tactics often bypassing traditional email security measures. Hackers are leveraging new techniques, such as QR-code attacks, voice phishing (vishing), and SMS phishing (smishing), to exploit vulnerabilities.

Use of AI by email scammers: Attackers are using AI to craft highly personalized and convincing phishing attacks, making it harder for traditional defenses to detect threats. Additionally, there is a notable rise in blended attacks, where email serves as the initial entry point for multi-vector campaigns. These campaigns often combine phishing with malware, credential theft, and lateral movement within the organization, making them harder to detect and contain.

Resource constraints: Many organizations face resource constraints, with limited IT and security staff unable to keep pace with the complexity and volume of evolving email threats. This shortage of skilled personnel leads to delayed responses, gaps in security coverage, and greater exposure to risks, leaving organizations vulnerable to data breaches.

Insider threat and human error: Employees continue to be one of the weakest links in organizational security. Whether through clicking on phishing links, mishandling sensitive data, or falling victim to social engineering tactics, human error remains a persistent challenge that reinforces the need for both technological solutions and security awareness training.

Q. How does the Barracuda Email Protection platform help teams address these challenges, and how do you differentiate the platform in this competitive space?

AI-Powered Security: Our AI-powered email security leverages advanced techniques to detect and block these sophisticated threats. Social graph analysis maps relationships and interaction patterns between email users to identify unusual or suspicious activity.

Contextual analysis detects anomalies in email behavior, such as irregular sender activity or unexpected geographic locations. At the same time, Natural Language Processing (NLP) evaluates email content for sentiment, tone, context, and potential malicious intent. Together, these capabilities provide comprehensive protection against phishing and social engineering attacks.

Easy to use: Our solution is designed with simplicity in mind. There is no need for extensive configurations or manual oversight, making security effortless without compromising on detection efficacy.

Automated post-delivery response: Our email security solution includes automated incident response to address threats that slip past initial defenses. It helps Security teams to identify and remediate malicious emails after they have been delivered, neutralizing threats before they can cause harm.

For example, if a phishing email bypasses pre-delivery filters, automated workflows can quickly identify the potential attack, notify admins, and remove it from inboxes across the organization. This minimizes the time attackers have to exploit vulnerabilities and reduces the manual workload on IT teams, enabling faster, more efficient threat mitigation.

Q. What are your top recommendations for CISOs in the process of looking for an email security solution?

1. CISOs need to continue to adopt layered defenses. They should look for solutions that combine pre-delivery and post-delivery capabilities to address modern threats comprehensively. Choosing a platform with robust automated incident response will reduce the time and effort required to mitigate threats.
2. Focusing on AI and machine learning will ensure that the solution uses advanced analytics to detect and respond to emerging threats. While opting for cloud-native, API-driven solutions will make it easier to scale and integrate with existing security stacks.
3. Prioritize vendors offering direct, responsive customer support and proactive service-level agreements (SLAs). This personal and immediate assistance will ensure that your organization stays protected by getting the right help when it matters most.

Q. What trends do you expect to see in the email security space in 2025?

1. Increased AI adoption: Both attackers and security teams will leverage AI more extensively, with security teams focusing on adaptive and predictive threat prevention.
2. Greater emphasis on API-based security: As cloud adoption grows, API-based email security will become the standard for real-time, adaptive protection.
3.  Consolidation of tools: Organizations will seek integrated platforms that combine email security, XDR, and other security layers to streamline operations.
4. Regulatory Changes: Rising data privacy laws and security regulations will drive demand for compliance-ready email security solutions.

Q. In your view, what should organizations’ top email security planning priorities for 2025 be?

1. AI-powered security: Deploy AI-powered email security to detect and mitigate sophisticated attacks like spear phishing and BEC.
2. Invest in Incident Response automation: Reduce response time and minimize damage with solutions capable of automated post-delivery remediation.
3. Achieve DMARC Enforcement: Improve email authentication to prevent domain spoofing and protect your brand reputation.
4. Focus on integration: Plan to integrate email security into a cohesive security architecture, including extended detection and response (XDR) solutions, which will provide unified visibility, faster threat mitigation, and compliance.

Further reading:

• Learn more about Barracuda Networks.
• Read our guide to the Top Email Security Gateways.