cybersecurity

How Copilot Can Safeguard SMEs From The Growing Storm Of AI-Boosted Cyberattacks

As Generative AI and the Emergence of Ransomware-as-a-Service Create Growing Challenges for SMEs, ALSO Cloud UK Highlights the Essential Support Offered by AI Copilot Tools.

The increasing prevalence of Ransomware-as-a-Service (RaaS) and generative AI is creating significant challenges for SMEs. As RaaS becomes more accessible, cybercriminals are able to execute complex attacks more easily, turning it into a billion-pound industry supported by organized and state-sponsored groups.

While larger companies can handle these threats due to their extensive cybersecurity teams, SMEs are more vulnerable. They face a greater risk of being targeted due to their weaker security posture and smaller scale, which makes them attractive to attackers seeking quick payouts.

Mark Appleton from ALSO Cloud UK believes that SMEs are especially at risk due to their limited security resources. “Smaller businesses might assume they’re safe, but attackers know that they’re likely to pay quickly and have weaker defenses. This makes them repeat targets for ransomware attacks.”

However, Appleton sees hope in AI-powered copilot solutions. “Although generative AI fuels RaaS, it can also provide the tools needed to counter it. Copilot technology offers a valuable defense mechanism and can be integrated into SME security systems by MSPs, reducing the need for extensive internal resources.”

He adds, “SMEs don’t need to invest millions in security software. By partnering with MSPs and utilizing cloud marketplace solutions, they can access expert assistance and training with ease. This collaborative approach can fill gaps in knowledge and resources, making cybersecurity more accessible.”

Appleton concludes, “With the right Copilot tools and expert partnerships, SMEs can enhance their defenses against ransomware. Generative AI, while a threat, can also be harnessed to proactively prevent attacks and safeguard operations effectively.”

Increase in Business Email Compromise (BEC) Attacks Prompts New Guidance from National Cyber Security Centre

The sophistication of Business Email Compromise (BEC) attacks means that cybercriminals are gaining access to more sensitive data, necessitating stronger defenses from businesses.

In response, the National Cyber Security Centre (NCSC) has recently issued new guidance for businesses on the threat posed by BEC attacks. These sophisticated attacks have seen significant success in recent months, highlighting the need for businesses to be better prepared to counter the threat.

BEC is a form of phishing, but unlike most phishing attacks that are general and broad, BEC attacks are tailored to individuals within organizations and are extremely convincing. While general phishing attacks use a scattergun approach, sending millions of emails in the hope that a few unassuming individuals will open them, BEC attacks require much more investment from cybercriminals. They tend to target “big fish,” often senior executives or employees with access to particularly valuable data.

The NCSC’s new guidance encourages firms to reduce their digital footprints by limiting the amount of publicly available information about senior executives. It also recommends training staff to identify BEC attempts, setting up two-step verification processes, restricting the number of employees who can make significant payments without further authorization, and planning for the worst by preparing to respond robustly to a successful BEC attack.

Whilst this guidance is useful, it also adds to the workload and budget expenditure of IT and security teams, which are already overwhelmed by increased threats and reduced budgets, as AJ Thompson, CCO at Northdoor plc, explains.

“In the face of an increasingly sophisticated threat, this new guidance from the NCSC makes complete sense. Businesses must be aware of what this threat now looks like, and employees need to be educated.

“Variations of BEC have been grabbing the headlines. We recently saw cybercriminals successfully get their hands on £20m after an employee at Arup was duped by a digitally recreated version of the company’s CFO via a video conference. This level of sophistication is rare but does highlight the level of investment that cybercriminals are willing to invest to get huge pay-offs.

“The more common approach is for an email from a senior executive. Everything about it will look authentic, but a request for a money transfer or access to data will be made somewhere in the conversation. If convinced, the employee will do as their ‘senior manager’ has asked of them and be none the wiser until the money is missed or the data leaked.

“Much of the advice from the NCSC is common sense. Reducing the amount of information about senior executives available online makes the job of making a convincing replica all the more difficult. Two-step verification also adds complexity for cybercriminals and reduces the number of employees who can make large payments.

“The most critical piece of guidance, though, is the education of team members. After all, employees are targeted by BEC, so ensuring that they understand what a potential BEC attack looks like and how to effectively deal with anything suspicious immediately nulls the threat.

“However, much of this guidance, whilst important, is simply adding to the already substantial workload of IT and security teams. This is also often in the shadow of reducing budgets. It is clear that BEC now represents a real threat to businesses but without the adequate resources to counter it, businesses are stuck. Some are turning to consultancies that can offer the expertise that might be lacking internally, as well as the assurance that threats will be dealt with, staff educated and a worst-case scenario business continuity plan. Taking the onus off already stretched internal teams is a good way of ensuring BEC attacks do not slip through the gaps whilst empowering staff to identify and deal with potential threats,” Thompson concluded.

Addressing Alarming Cybersecurity Breaches: Experts Assert They’re Preventable

Linten Technologies’ emphasis on staff education as a pivotal aspect of cybersecurity aligns with contemporary best practices in the field. Cybersecurity breaches often exploit human vulnerabilities, making employee awareness and vigilance crucial components of any comprehensive defense strategy.

The statistics cited from the Cyber Security Breaches Survey 2024 underscore the pervasive nature of cyber threats across UK businesses, with phishing attacks standing out as a prevalent method used by cybercriminals, affecting 84% of businesses and 83% of charities.

The legal sector, in particular, faces heightened risks due to the sensitive nature of the information it handles, along with the potential financial repercussions of operational disruptions caused by cyber incidents.

Steven Allan, CEO at Linten, remarked: “Our experience supports the government figures that businesses are investing more in malware protection, firewalls, multi-factor authentication, and business systems and processes. Yet we believe many of those cyberattacks reported are avoidable.

“Many firms are missing one of the most important factors in cybersecurity – their staff.

“As well as creating the right infrastructure and investing in tools, a robust cybersecurity plan needs to engage, educate and empower the whole business, at all levels. This will significantly reduce the risk of a breach.”

In addition, Steven Allan commented that the data from the latest survey is not unexpected, adding: “Our experience of working with hundreds of firms of all sizes and in all sectors is that awareness of the nature of cyber threats remains low, so preparing to counter them is a major challenge.

“Too many small to medium-size firms fail to take appropriate preventative action, for a variety of reasons: limited resources, often no dedicated IT staff, lack of awareness, and perception of low risk amongst them.”

In the past year, the latest data indicates a notable trend: cybercriminals are increasingly targeting larger companies. The statistics reveal that 74% of large firms have fallen victim to cyberattacks, compared to 70% of medium-sized firms.

According to the legal market intelligence website legalfutures, cyber attacks have affected nearly three-quarters of the UK’s top-100 law firms.

Allan added, “This is not an issue that is exclusive to big businesses; however, figures and our experience suggest that the bigger you are as a company, the greater the risk of cyber criminals targeting you.

“The important lesson here is that, despite more investment in tools, the number of breaches and attacks remains very high.”

Compared with 2023, the government report indicates that firms are investing more across all facets of cybersecurity. This uptick may stem from an improved economic climate or a heightened perception of the threat landscape. However, the report also underscores a concerning trend: a decline in the percentage of businesses seeking external information or guidance on cybersecurity.

This decline has been consistent since 2018 and 2019, raising potential concerns about the readiness of businesses to address evolving cyber threats through external expertise and support.

Allan concluded: “The threat landscape is evolving very rapidly, and many small to mid-size firms are simply unable to react sufficiently quickly or with the right tools. Outsourcing to cybersecurity experts is an obvious and cost-effective approach.

“For law firms in particular, reputation is critical, which makes legal practices attractive targets for extortion.”

Overall, Linten Technologies’ insights underscore the ongoing challenges posed by cyber threats and the imperative for businesses to adopt a proactive and multifaceted approach to cybersecurity that includes staff education, investment in robust infrastructure, and strategic partnerships with cybersecurity experts.

For more information on Linten visit: https://linten.co.uk/