While cybersecurity researchers tend to revel in discovering vulnerabilities, many of the ones that do get disclosed require cybercriminals to have extensive expertise to exploit. Most cybercriminals today remain focused on launching attacks that use tried and true techniques and are relatively simple to deploy because they rather not spend any more time than necessary achieving their goal.
The truth is most organizations are far better off paying attention to cybersecurity fundamentals. Phishing attacks, for example, that lead to stolen credentials being used to either install malware as a precursor to a ransomware attack, or a variant of a business email compromise (BEC), are a much bigger threat than a vulnerability that only a handful of cybercriminals might ever exploit. It’s simply a lot easier and more profitable for cybercriminals to insert themselves into a workflow using stolen credentials that enables them to redirect payments for invoices from a legitimate account to their own.
BEC attacks are on the rise with the emergence of generative AI
Unfortunately, these types of cyberattacks are expected to increase in volume and sophistication as cybercriminals become more adept at using generative AI platforms such as ChatGPT to create messages that will increasingly look and feel legitimate. This makes BEC attacks much easier to deploy by those who do not natively speak the language used by the people that work at their targeted organization.
In fact, MarketandMarkets has released a report that projects the value of the global BEC market will be $2.8 billion by 2027, a 19 percent increase from $1.1 billion in 2022. Much of that growth is forecasted to be driven by a new generation of intelligent email protection systems that will be infused with artificial intelligence (AI), according to the report. After all, the only way to really thwart those attacks is to rely more on AI to detect anomalies such as bank accounts that have never previously been used to transfer funds.
MSPs can take advantage of the transition
As that transition occurs, many organizations are naturally going to turn to managed service providers (MSPs) for help. At the very least, organizations that have little to no familiarity with how AI will be applied to cybersecurity will be in search of advice. A larger percentage of those organizations are going to determine that it makes more economic sense to have someone else manage the platforms required to thwart these attacks on their behalf.
Of course, MSPs will need to invest more time and effort in developing that AI expertise. They may not necessarily need to hire their own data science teams to build AI models, but they will need to be conversant enough to explain how it works. Despite all the current AI help, no organization at the end of the day is going to rely on a technology they don’t understand. MSPs that have gained the trust of customers are going to be asked to validate AI technologies that many customers will view with some level of suspicion until they eventually become comfortable with the concepts.
There will, as always, be a lot of concern of which roles and functions might be eliminated by AI, but it’s not likely humans will be taken out of the cybersecurity loop any time soon. Instead, as more rote tasks are automated it’s much more likely to turn out the cybersecurity not only gets better but becomes a whole lot less tedious to provide.
Photo: Golden Dayz / Shutterstock
