While the potential impact of AI shouldn’t be underestimated, we should also remember that most of today’s threats and exploits are focused on basic gaps in cyber hygiene.

At the end of 2022, the world was wrapping up a year that saw — among other major events — the unofficial end of the Covid-19 pandemic, the start of the war in Ukraine, and the passing of Queen Elizabeth II.  

Around the same time, one somewhat cryptic term began appearing in Google searches: ChatGPT. Very quickly, searches for this term ballooned and reached a peak in April 2023, dragging along with it searches for AI, as the below chart from Google Trends illustrates:

As we collectively digested the buzz around generative AI or large language models (LLM), cybersecurity experts scrambled to predict the implications of this new powerful application, both in terms of strengthening cyber defenses for individuals and businesses as well as the risks associated with new threats and powerful tools that would be in the hands of bad actors.  

Some of the anticipated positive consequences of the rise of generative AI in the cybersecurity space include: 

• Helping human security professionals prioritize security incidents and accelerate responses through AI-powered correlation of data on attacks (as was announced in Microsoft’s Security Copilot).  
• Helping businesses learn how, where, and by which methods attackers are trying to penetrate an endpoint as well as the identities that they attempt to use. This equips endpoint protection tools with predictive capabilities that anticipate threats before they occur.  

On the other hand, LLMs can also be used by bad actors. For example, they can reduce the monotonous, time-consuming elements of hacking, such as gathering data about a target. AI could also be used to create malicious code or phishing scams at scale; it can exploit more vulnerabilities by making it harder to trust identities, data, and correspondence. 

The reality of common AI-related threats to SMBs 
 
While the potential impact of AI shouldn’t be underestimated, we should also remember that most of today’s threats and exploits are focused on basic gaps in cyber hygiene. Small and medium businesses often lack the expertise or the investment appetite to implement basic protective measures like antivirus or endpoint security, password management, and backing up their data. Viruses, phishing, and ransomware still top the list of most common attacks targeted at SMBs, and hackers can easily deploy such attacks today without the help of sophisticated AI-powered technology.  

Our recommendation is to prioritize the deployment of robust security measures for today’s most common threats while staying abreast of future threats and potential new security capabilities powered by AI.  

Here are three easy ways for SMBs to accomplish this:

1. Find a technology partner or service provider who specializes in defending against cyber threats that are most relevant to small and medium businesses. 
2. Implement basic, robust security measures and periodically assess what new vulnerabilities your business may be exposed to. Our recent Avast Threat Report is an example of a powerful source of updated information about common threats and exploits. 
3. Ask your security provider how they are incorporating the benefits of AI in future-proofing your business and how you can take advantage of AI-powered security features. 

At Avast, we continue to work closely with technology partners and academia to research and develop cutting-edge cyber safety capabilities using AI and machine learning to help our SMB customers remain confident in their ability to be shielded from attacks online — today, tomorrow, and beyond.