In today’s rapidly evolving tech landscape, artificial intelligence (AI) is transforming industries at an unprecedented pace. But while AI is often hailed for its productivity benefits, its implications for cybersecurity are just as profound, if not more so. Art Gross, CEO of Breach Secure Now, shared insights into how AI impacts cybersecurity practices, particularly for small businesses and managed service providers (MSPs). His conversation highlighted a crucial balancing act between leveraging AI’s productivity gains and addressing the new cybersecurity risks it introduces.
The New AI Frontier for Small Businesses
Many small businesses are starting to explore AI technologies, driven by the promise of improved efficiency and productivity. As Art noted, many business owners are asking questions about AI, often focusing on how it can streamline operations. However, Gross emphasized that it’s not just about productivity. Businesses must also be aware of the potential risks that AI brings, especially in the context of cybersecurity.
Gross and his team have been advocating for stronger cybersecurity practices for years. Despite the growing number of high-profile data breaches, many businesses have remained complacent, believing they are not targets. Gross frequently hears the sentiment, “We have a firewall and antivirus software; that’s enough.” However, the increasing sophistication of AI-driven cyberattacks shows these basic defenses are no longer sufficient.
AI’s Dual Role in Cybersecurity: Productivity and Protection
A key Gross makes is that AI should be viewed from two perspectives: productivity and cybersecurity. For clients focused on maximizing efficiency, AI tools can significantly enhance workflows and help businesses do more with fewer resources. For those concerned with cybersecurity, AI can mitigate and create new threats.
On the positive side, AI can enhance cybersecurity measures by improving threat detection and response times. AI algorithms can analyze patterns, detect anomalies, and identify potential threats far more efficiently than traditional methods. However, AI has become a powerful tool for cybercriminals when in the wrong hands. From generating deepfake videos to creating highly convincing phishing scams, attackers can leverage AI to make their malicious activities more effective and harder to detect.
Bridging the Gap Between Cybersecurity and AI Training
Gross explains that his team has developed specialized training programs to address the nature of AI. Just as they once created cybersecurity training tailored to Microsoft 365, they now offer courses focused on AI’s impact on cybersecurity. These courses cover how to use AI tools for productivity and educate employees on the cybersecurity threats associated with AI.
The shift in training is akin to moving from general cybersecurity concepts to more advanced, tool-specific education. According to Gross, it’s like going from teaching basic math to introducing algebra—there’s a progression in complexity as the threats become more sophisticated. Today, companies must educate their employees on AI-specific scams, such as phishing emails crafted by AI tools like ChatGPT and other generative AI platforms.
The Rising Threat of AI-Generated Phishing and Scams
One of the most concerning trends Gross highlights is AI to generate highly targeted phishing scams. In the past, phishing emails were often easy to spot due to poor grammar or obvious mistakes. However, AI-generated phishing emails are nearly flawless, making them much harder to identify.
“Now, instead of looking for emails with spelling errors, you need to be wary of those that are too perfect.”
The sophistication doesn’t stop at grammar and spelling. Cybercriminals are now combining information from past data breaches with publicly available information on social media to create highly personalized scams. For example, if a user’s data from LinkedIn or Dropbox has been leaked, attackers can feed that information into AI systems to generate emails tailored specifically to that individual. This level of personalization makes it increasingly difficult for individuals to recognize phishing attempts.
The Importance of Raising Awareness
Given the growing threat of AI-driven cyberattacks, Gross underscores the importance of evolving cybersecurity awareness training. It’s no longer enough to teach employees to look for the telltale signs of a scam. Instead, organizations must raise the bar, ensuring employees know how sophisticated attacks have become.
Gross draws an analogy between cybersecurity training and education levels.
“If you only know it in elementary school and you’re being attacked at the college level of intelligence, you’re going to lose. So we need to move employees and humans up that intelligence and awareness. So I think it will be harder for employees and humans to spot scams, but at the same time, we have to raise the level of education about them. Otherwise, they’re going to be victims and have no idea what it is. I don’t think it’s time to give up, but I think it’s time to get much more serious about what we’re telling employees and what they should be looking out for.”
If employees are only trained to detect scams at an elementary level, they will be outmatched by attackers operating at a college level. The solution, he argues, is to elevate training to meet these new threats head-on. Organizations can better prepare their teams to recognize and respond to more advanced scams by increasing employees’ awareness of how criminals leverage AI.
Preparing MSPs for the AI Revolution
Managed service providers (MSPs) play a crucial role in guiding small businesses through the complexities of cybersecurity and AI adoption. However, many MSPs are still getting comfortable with the idea of discussing AI with their clients. Gross points out that while MSPs are adept at talking about managed services and cloud solutions, AI is a new conversation for many.
AI is inherently complex, with concepts like machine learning, self-driving cars, and robotics often feeling overwhelming. But Gross believes MSPs don’t need to be experts in AI to have meaningful conversations with their clients. Instead, they should focus on discussing AI at a high level, emphasizing its practical applications and potential benefits rather than getting bogged down in the technical details.
Embracing the Future of AI and Cybersecurity
AI is reshaping the cybersecurity landscape in profound ways. Understanding AI’s potential and risks is essential for small businesses and MSPs. As Art Gross aptly puts it, the key is to develop a balanced approach—leveraging AI for productivity while staying vigilant about its misuse.
The goal is not to instill fear but to cultivate a mindset of caution and preparedness. By educating employees and empowering MSPs to have proactive conversations with their clients, organizations can navigate the challenges and opportunities that AI brings to the table.
The future may be uncertain, but with the right training, tools, and mindset, businesses can protect themselves against the rising tide of AI-driven cyber threats.
