AI-based cyberthreats are holding steady at the top of the list of emerging risks, according to Gartner analysts.
AI-enhanced malicious attacks and AI-assisted misinformation campaigns came in first and second among the 286 senior enterprise risk executives surveyed by the market research firm, marking the third consecutive quarter that the technology led the rankings.
The worries about AI, large language models, and machine learning leading to more sophisticated cyberattacks – not to mention the ongoing struggles finding the AI and cybersecurity talent to address such risks – creates an opportunity for MSSPs, MSPs, and other service providers that can provide these services and skills enterprises and SMBs, according to Zeus Kerravla, principal analyst with ZK Research.
“It adds value to MSSPs,” Kerravala told MSSP Alert. “Protecting against [AI-based] cyberattacks requires using AI itself. It’s a fight-fire-with-fire sort of thing. Companies aren’t going to have all of that. MSSPs will.”
About 80% of the executives surveyed for the report released this month pointed to AI-enhanced malicious attacks as worrisome emerging cyber risks, putting it at the top of the for the third time in as many quarters. The next two – AI-assisted misinformation and escalating political polarization, both of which were cited 66% of the time – were likely influenced by the recently concluded U.S. presidential election.
AI-Assisted Misinformation Cited
Foreign adversaries like Russia, China, and Iran were seemingly always in the news over the course of the lengthy campaign season, attacking campaigns with misinformation to favor one candidate over another and, more broadly, to stoke what already is a highly polarized populace. AI was widely used by many of these nation-state threat groups through such tools as deepfakes and other AI-created false content.
Rounding out the top five were globally consequential events like the CrowdStrike incident in July that blue-screened some 8.5 million Windows systems and the ongoing misalignment of talent within organizations. It’s been difficult for years to find enough cybersecurity talent to fill all of the open positions. It’s become equally hard to find skilled AI pros.
MSSPs Bring the AI Skills and Expertise
That’s where MSSPs come into play, Kerravala said. They are pulling together the security and AI skills and expertise needed to help protect companies that increasingly are unable to do it themselves. And it will be needed. AI is helping cybercriminals in myriad ways, from making phishing messages more convincing and driving automation to making it easier for less-skilled bad actors to launch more sophisticated attacks.
“Cybersecurity is getting more complex,” the analyst said. “More and more, cybersecurity is getting harder to do by yourself. MSSPs can help inform customers about what [security] platforms are out there, how to put them together, how to aggregate the data and then what to look for.”
Other industry surveys have backed that up. In June, information management company OpenText released a survey of 1,500 MSPs and MSSPs that found 92.5% of them said that AI-led security and threat intelligence services were going to be the major drivers of growth over the following 12 months.
Echoing Kerravla’s point, the survey found that a key challenge for enterprises and SMBs alike is incorporating AI to help boost the effectiveness and efficiency of their security teams and tools. This represents a significant business opportunity for MSSPs and MSPs, who are already seeing trends bending in that direction, according to OpenText.
About 83% of those service providers surveyed said they’ve seen an increase in business fueled by the interests of companies in AI security tools expertise and 34% said incorporating AI into security is the top challenge they’re helping organizations address.
MSPs and MSSPs are preparing for the growing demand. More than 80% said they offer AI-related security services, and of those that don’t right now, 62% plan to start within 12 months.