Edition: International | Greek
MENU

Home » Management

Generative AI for small-medium-sized business: cybersecurity chaos or empowerment?

The cybersecurity threat for small and medium-sized businesses (SMBs) is real: Ransomware attacks increased by almost 300%, with over 50% targeting small businesses

By: EBR - Posted: Friday, July 21, 2023

SMBs face challenges in assimilating advanced security solutions in their business due to a lack of skilled staff in-house (more than 60% of SMBs lack these). Therefore, more SMBs rely on managed service providers (MSPs), which, until recently, were primarily focused on supplying IT infrastructure and cybersecurity services.
SMBs face challenges in assimilating advanced security solutions in their business due to a lack of skilled staff in-house (more than 60% of SMBs lack these). Therefore, more SMBs rely on managed service providers (MSPs), which, until recently, were primarily focused on supplying IT infrastructure and cybersecurity services.

by Binil Pillai, Doron Bar Shalom and Tal Goldstein*

The cybersecurity threat for small and medium-sized businesses (SMBs) is real: Ransomware attacks increased by almost 300%, with over 50% targeting small businesses, finds a Microsoft study from April 2022.

The economic cost of these attacks is high, with over 60% of SMBs being unable to operate after they’ve experienced a cyberattack. The lack of basic cybersecurity measures increases their risk of cyberattacks, and cyber criminals are drawn to these businesses as easy targets for low-risk, high-reward attacks.

SMBs face challenges in assimilating advanced security solutions in their business due to a lack of skilled staff in-house (more than 60% of SMBs lack these). Therefore, more SMBs rely on managed service providers (MSPs), which, until recently, were primarily focused on supplying IT infrastructure and cybersecurity services.

SMBs are keen to explore the possibilities that generative AI can bring for accelerating their growth beyond what could significantly add value from a cybersecurity perspective. As a branch of artificial intelligence, generative AI enables SMBs to leverage advanced technology to improve operations, enhance customer experiences, and gain a competitive edge in the market.

Increased cyber-risks of generative AI

Generative AI lowers the barriers to entry for threat actors without vast security knowledge and background to carry out a successful attack. These beginners will likely target SMBs as they seem less protected than their large enterprise counterparts. While generative AI offers significant opportunities for SMBs, it also introduces the following new security risks:

-AI-enhanced malware. Generative AI can generate malicious code for automated deployment. Currently, malicious actors have been doing this even without AI; however, with AI, they can do it at a scale that maximizes the impact.

-AI-infused phishing and social engineering. Generative AI can create convincing messages for phishing emails, social engineering attacks and deepfake videos targeting SMBs. Using generative AI, hackers can avoid human errors, and non-native speakers will be able to craft a phishing email with perfect spelling and grammar. Also, the scaling up such attacks with phishing as a service and automated phishing email attack per target pose challenges to the cybersecurity resiliency of SMBs, as traditional defences may struggle to detect and mitigate such novel threats.

-AI-powered fraud. Business Email Compromise (BEC) scams are a type of cyber fraud in which attackers impersonate a trusted individual or organization through email to deceive victims. With generative AI, attackers can create emails that closely mimic the style, tone and vocabulary of the impersonated person or organization, making them increasingly difficult to distinguish from genuine ones.

SMBs are more vulnerable to cyberattacks if they have not taken action to secure their identities, devices and business application, due to a shortage of skilled personnel. Generative AI could exacerbate these vulnerabilities – and as a result, we may see a significant increase in cyberattacks on SMBs in the coming years.

AI-reinforced security

But generative AI can also be crucial in SMB cybersecurity by providing advanced capabilities to detect, analyze and respond to potential threats. Putting aside the risks, generative AI offers an outstanding opportunity to change the balance between attackers and defenders, especially for SMBs that lack resources. By embracing the following benefits, SMBs can harness the power of generative AI to enhance cybersecurity resiliency:

-Anomaly detection. Generative AI can be used as a tool to discover patterns and behaviours of normal network traffic and user activities or system operations within IT infrastructure.

-Rapid monitoring. Generative AI can help a security analyst doing the work to reason over the massive data stores and detect and respond faster.

-Automated response. Generative AI can trigger computerized responses, such as isolating affected systems and blocking suspicious IP addresses. It can also guide the user on taking the right action, using the right tools, and setting up those types of automation, regardless of which technology the customer has implemented.

-Vulnerability assessment and patch management. By simulating potential attack scenarios, generative AI can help prioritize vulnerabilities based on their business impact and recommend effective patch management strategies.

-Faster learning. Generative AI can enhance education and quicker understanding of the people they do have working in IT and security. Generative AI is not doing all the work for them; it is enhancing what they can do with the tool.

A multistakeholder approach to generative AI

The following stakeholders collectively contribute to the growth, innovation and responsible use of generative AI in the SMB landscape:

-Big technology companies. Generative AI is one of the latest influential topics recently, especially with the arrival of platforms such as ChatGPT and Microsoft Security Copilot. Most generative AI products have the potential to enable security with a reactive capability rather than offensive; however, the field’s impact on cybersecurity is likely to be much bigger than what we see today. Big tech companies like Microsoft, Google, and IBM can make significant advancements in the field of generative AI by developing tools and platforms for both research and practical applications.

-Managed Service Provider (MSP). MSPs can enhance their support for customers by leveraging cybersecurity-based AI products. This is especially important as MSPs also face a shortage of skilled personnel in cybersecurity. By utilizing the augmentation and recommendations provided by these AI products, MSPs can customize solutions for each customer using their business data. This approach enables them to provide more effective support and tailored solutions that meet each customer’s unique needs.

-Governments and regulatory bodies. Governments and regulatory bodies worldwide have a crucial role in formulating policies and guidelines embedded into the broader cybersecurity framework. They address ethics, bias and accountability concerns in AI systems. Their involvement helps set a standard for the successful adoption of AI technology.

There are many cyber challenges for SMBs. However, recent developments in generative AI provide a unique opportunity to enhance cybersecurity resiliency.
Development and successful assimilation of advanced generative AI cybersecurity products and services require a holistic and collaborative approach by different stakeholders to impact the fight against cybercrime significantly. The World Economic Forum Partnership against Cybercrime is committed to promoting this necessary collaboration.

*WW SMB Security Leader, Microsoft and Strategic Innovation Principal Program Manager, Microsoft Security Office of the CTO and Head of Strategy, World Economic Forum
**first published in: Weforum.org

 

READ ALSO

EU Actually

Macron, France and EU in problems

N. Peter KramerBy: N. Peter Kramer

The pontifical and pompous re-opening of the Notre Dame Cathedral, five years after the devasting fire, cannot conceal that France is sinking into an unprecedented political crisis

View 04/2021 2021 Digital edition

Magazine

Current Issue

04/2021 2021

View past issues
Subscribe
Advertise
Digital edition

Europe

Macron to head to Warsaw to brief Tusk, Duda on US-Ukraine talks

Macron to head to Warsaw to brief Tusk, Duda on US-Ukraine talks

French President Emmanuel Macron is expected in Warsaw to debrief on conversations with US President-elect Donald Trump and Ukrainian President Volodymyr Zelenskyy over the weekend

Business

Value-based trade policies are on the rise- Here’s what businesses need to know

Value-based trade policies are on the rise- Here’s what businesses need to know

Trade policy is no longer just there to promote efficiency and productivity in the flow of goods and services

MARKET INDICES

Powered by Investing.com
All contents © Copyright EMG Strategic Consulting Ltd. 1997-2024. All Rights Reserved   |   Home Page  |   Disclaimer  |   Website by Theratron