SMBs vulnerable to AI-powered cyberattacks and complacent about ransomware
A new report from Cork Protection looks at the security challenges facing small and medium-sized businesses (SMBs), backed up by comment from a range of industry leaders. Challenges include an asymmetric threat landscape, defined by the misuse of artificial intelligence and relentless exploitation of human vulnerabilities.
Among the findings are that AI-powered adversaries are launching automated, sophisticated campaigns at unprecedented scale. Also the financial fallout of a breach now extends far beyond ransom, often resulting in business-ending costs.
As a result the traditional model of IT support is giving way to a new model centered on
proactive, specialized security, embodied by the rise of Managed Security Service Providers
(MSSPs) and the Managed Service Provider (MSP) industry.
The report suggests IT providers who evolve into security-first advisors (MSPs 3.0) are thriving. The total cybersecurity channel market expected to reach $282 billion by 2026 according to Canalys.
“Cybersecurity is no longer a checkbox for SMBs,” says Jay McBain, Chief Analyst, Canalys. “The providers who embrace security as the foundation of their services are capturing the market’s growth.”
Generative AI and large language models (LLMs) are being systematically co-opted to automate
and perfect social engineering. These tools can now generate flawless, context-aware, and
highly personalized phishing emails, text messages, and even voice communications at a scale of millions, far surpassing the efficacy of older, template-based attacks riddled with grammatical errors. The result is a deluge of malicious communication that is increasingly difficult for even trained employees to distinguish from legitimate correspondence.
AI is also being used to improve malware, with attackers innovating faster than current security tools.
The report identifies a ‘complacency gap’ when it comes to ransomware with SMBs often believing they’re too small to fall victim. “SMBs are still dangerously complacent about ransomware,” says Ryan Weeks, CISO of Vimeo. “Too many believe they’re not a target, or that basic defenses are enough. That mindset is exactly what attackers exploit.”
The full report is available from the Cork site.
Image credit: sdecoret/depositphotos.com