Generative artificial intelligence (AI) tools have captured the imagination of businesses and their workers from the mailroom to the boardroom. However, there is a growing concern worldwide due to the dangerous AI risk management gap that leaves businesses vulnerable to cyber-attacks.
Recent research by Riskonnect, which surveyed more than 300 risk and compliance professionals worldwide, shows that only 17% of risk and compliance leaders have trained their organizations on the risks of using generative AI. Furthermore, new research from ExtraHop finds that IT and security leaders are unsure how to address the issue.
The good news is that the dangers of AI present opportunities for savvy MSPs to pursue. The following explores what MSPs need to pay attention to and how to jump on the AI trend to help educate customers and protect them from potential risks.
AI Cybersecurity Gaps
- Security isn’t a top priority. Despite being aware of the risks associated with generative AI, including exposure to customer and employee information, exposure of trade secrets, and financial loss, many businesses do not prioritize security measures when it comes to AI. (Generative AI describes algorithms such as ChatGPT that can generate new content, including audio, code, images, text, simulations and videos.) ExtraHop’s report, The Generative AI Tipping Point, finds that IT and security leaders are less concerned about security issues than about getting inaccurate information from AI. This may account for why less than 50% of organizations invest in technology to help monitor the use of generative AI, according to the report, potentially exposing businesses to cyber-attacks.
- Generative AI policies aren’t in place. There isn’t enough urgency around developing policies for the use of generative AI. According to Riskonnect’s 2023 New Generation of Risk Survey, “Organizations are taking a wait-and-see approach” and short-term methods such as generative AI bans have proven to be insufficient.
- Cybersecurity events are predicted to increase even faster. Authorities predict the accelerating adoption of AI to lead to a surge in personalized and realistic phishing attempts. According to Sift’s Q1 2023 Digital Trust and Safety Index, account hacking attempts have already increased fourfold due to AI-driven attacks. Current studies find that AI models can be vulnerable to theft through network attacks, social engineering techniques and exploitation by threat actors. Weak security protocols, insufficient encryption and lack of data privacy measures make AI instances susceptible to cybersecurity risks. Coupled with talent shortages, which companies aren’t sure how to solve, cyber risks are predicted to rise.
How To Leverage Generative AI Risks Into Opportunities
A favorite mantra of Shellye Archambeau, Fortune 500 board member, former CEO of MetricStream, and one of high-tech’s first female African American CEOs, is: “Risk and opportunity are two sides of the same coin.” To that point, MSPs can make the most of AI risk management gaps by offering clients technology and services that address the vulnerabilities.
Here are four ways to help protect your clients while increasing your bottom line:
- Educate customers about the impact of AI on cybersecurity. Companies are increasingly adopting generative AI. It is predicted to reach double the adoption rate of both smartphones and tablets by next year, according to Insider Intelligence. Because technology is moving so fast, companies don’t know where to start. Riskonnect reports that over 83% of companies have not briefed their organization on AI risks, let alone formally trained them. This gives MSPs the opportunity to educate clients on AI, the risks associated with it and how to create and implement a plan with the proper safeguards to protect them.
- Create policies around AI to enhance clients’ cybersecurity ecosystem. It’s estimated that generative AI will automate work activities that take up 60-70% of employees’ time today, according to Riskonnect. Leaders have expressed an interest in guidance and education to understand how generative AI can be applied across their organizations. Furthermore, ExtraHop finds that only 46% of organizations have policies in place governing the use of generative AI. By providing guidance on how to safely utilize the technology and what policies should be in place to provide strong safeguards, MSPs can help guide innovation that will uplevel their clients’ businesses.
- Offer AI cybersecurity services. While companies are aware of the risks AI presents and are expanding the size of their risk management teams, they lack cybersecurity expertise surrounding AI. The Generative AI Tipping Point finds that while 82% are very or somewhat confident their current security stack can protect them against threats from generative AI, less than half have invested in technology that helps their organization monitor the use of generative AI. Plus, multiple reports suggest a need to develop AI cybersecurity solutions to address the challenges and opportunities of using AI. MSPs should up-level their knowledge surrounding AI, then offer to proactively address cybersecurity and privacy risks associated with AI through robust security controls, encryption methods and proper handling and privacy practices.
- Use AI to counter cybercrime. There is the potential for hackers to use AI to develop more sophisticated cyberthreats. Not only should MSPs stay vigilant for new threats, but there is also an opportunity to leverage AI technology to counteract evolving risks. With one-third of companies increasing their spending on risk management technology, according to Riskonnect, consider how AI tools can strengthen and alleviate security staff and enhance threat detection and mitigation strategies.
Artificial intelligence’s rapid maturation and proliferation present new and notable cyberthreats that cannot be ignored. While cybersecurity as it pertains to AI use may not be a top priority for businesses, the risk of exposure is significant. Bridging the gap in understanding and providing proper education, guidance and technology can help your clients protect themselves from potential attacks while also allowing you to increase your MSP’s bottom line.
