New and increasingly sophisticated cyberattacks, including ransomware, have radically changed the way SMBs manage IT resources. New threats appear daily, posing dangerous risks to data, identities, and infrastructure. As a result, MSPs are on the front lines of the cybersecurity battle — and may be making some big mistakes.
As new threats appear and the landscape changes, clients are asking them to review and reevaluate risks, tools, strategies, and best practices that fortify their businesses.
The challenges extend far beyond ransomware. Artificial intelligence (AI) is fundamentally reshaping cybersecurity in both positive and negative ways. It has introduced powerful tools — but also new and far more lethal ways to conduct phishing campaigns and invade networks.
“Expect to see more sophisticated attacks that exploit zero-day vulnerabilities and cloud infrastructure,” stated Shidarion Clark, a computer systems engineer at 1 Sync Technologies, a Montgomery, AL-based MSP. “Threats have evolved toward supply chain attacks, targeted phishing campaigns, and AI-powered attacks.”
Risky Business
Tight budgets, limited expertise, and minimal IT and security staffing are ongoing concerns for SMBs. Adding to the chaos, “Many businesses do not make security awareness training a high enough priority,” said Mark Anthony Germanos, a cybersecurity consultant and ethical hacker at Sacramento, CA-based Cyber Safety Net.
MSPs face their own set of challenges. Managing IT infrastructure for an array of clients — often operating in different industries with entirely different requirements — can ratchet up the difficulties. At the same time, technical complexities are ticking up, particularly as multicloud frameworks emerge.
Addressing the most urgent risks is essential. MSPs should focus on six key areas, according to Philip de Souza, president of Torrance, CA-based IT security consulting firm Aurora:
- Ransomware attacks
- Phishing and social engineering
- Insider threats
- Cloud security misconfigurations
- Identity and credential theft
- AI and machine learning (ML) exploits
“Ransomware attacks [are] targeting critical infrastructure, healthcare systems, and large enterprises with tactics like double extortion, where attackers both encrypt and steal data,” de Souza explained.
The Emerging Risks of AI
AI, particularly generative AI, is a new frontier of risk. In some cases, attackers manipulate underlying models and data. This can result in skewed predictions, compromised decisions, and system malfunctions.
On the ransomware front, generative AI makes phishing attempts more difficult to discern, Germanos said. “Urgency, awkward grammar and bad links are giving way to grammar that sounds and reads naturally. Links may appear valid but with alternate character sets and domain spoofing.”
Another emerging AI risk is vishing, which spoofs actual voices. “For years, we’ve been telling people to vet email. But when EFT instructions come via email and are followed up with an AI-generated version of the CFO’s voice, a victim believes they have vetted the request. After all, they spoke in real time with someone they were convinced was the true CFO,” Germanos said.
The challenges aren’t going to disappear anytime soon — particularly as remote work and hybrid work models expand. “Expect to see an increase in sophisticated attacks that exploit zero-day vulnerabilities and cloud infrastructure,” Clark said.
Technology Matters
There are several effective ways to combat cybersecurity mistakes. Here are a few key ones:
- Eliminate Weak Passwords. Multifactor authentication (MFA) with biometrics is a big step toward locking down data, de Souza said. More advanced passkeys (passwordless access) can push protections up further.
- Patching. This includes enforcing policies for those working remotely. The remedy, Clark said, is to “adopt an automated patch management solution that prioritizes critical vulnerabilities, schedules downtime for updates, and tests patches in a controlled environment before deployment.”
- Focus on Resilience. Disasters can be caused by humans, including ransomware, bitter employees sabotaging data, or negligent employees sharing privileged data on social media, Germanos noted. It’s also important to be ready to bounce back from natural disasters — such as fire, wind, or water damage.
- Effective Backup. This strategy is still one of the best insurance policies against downtime — and ransoms.
Meanwhile, technology is evolving. Most SMBs benefit from endpoint detection and response (EDR), which delivers real-time monitoring. Another valuable tool is security information and event management (SIEM), which aggregates and analyzes security data from various sources.
Concurrently, AI-driven security platforms are changing the stakes, de Souza said. These platforms detect and respond to threats in real time while predicting potential vulnerabilities by analyzing vast amounts of data — and corresponding behaviors — across networks. “These systems take a ‘never trust, always verify’ approach by continuously validating user and device identities,” he explained.
An MSP can serve as a trusted ally to SMBs by understanding their requirements amid the backdrop of a changing cybersecurity environment. “Prioritizing scalability and flexibility allows tools to accommodate business growth and integrate with existing systems,” de Souza shared.
Passing the Test
There’s also the human side of the equation. It’s vital to supplement technology and controls with regular security awareness training, Clark said. This is important for areas as diverse as phishing and using AI.
Social media is yet another danger. “The information we share to create and grow connections is the same information attackers use when building victim profiles and launching attacks,” Germanos warned.
Still, with the right technologies, policies and training methods in place — including a robust incident response plan and methods ranging from penetration testing to ethical hacking — it’s possible to reduce the probability of a successful attack. “Building resilience against cyberattacks requires a multifaceted approach,” concluded de Souza.