For small and medium-sized enterprises (SMEs), staying abreast of cybersecurity developments is critical 鈥 not just to growth, but to the company鈥檚 bottom line. But security evolves quickly, and it can be hard to keep up.
In the midst of this fast-evolving security environment, AI has made a bold entrance. So bold, in fact, that only 10% of SMEs aren鈥檛 using AI and don鈥檛 plan to, according to a recent 探花大神 research report.
With this rapid adoption have come significant gains and uncharted concerns, seemingly in equal measure. This blog will explore AI鈥檚 ramifications 鈥 both positive and negative 鈥 on security for SMEs.
All data cited in this article is pulled from 探花大神鈥檚 2024 SME IT Trends Report unless otherwise cited.
The Bright Side
AI presents SMEs with many opportunities to improve their security. From intelligent network monitoring tools to AI-assisted asset management, AI helps companies reduce blind spots, close monitoring gaps caused by off-hours and staffing shortages, and automate workflows that allow fewer things to slip through the cracks. In short, AI empowers SMEs to run a tighter ship.聽
In general, SMEs seem eager to leverage these benefits. A whopping 90% of SMEs said that they use or are planning to use AI, and 77% of IT professionals see AI as a net positive for their organization. More than half (60%) of IT pros say their company is adopting AI at the right pace, and worries about AI鈥檚 impact on their jobs is subsiding: 35% worry about job impact, down from 45% in Q1 of 2024.
The Darker Side
Despite these wins, the rise of AI has come with some murkier areas 鈥 particularly when it comes to security.
Security is a significant hurdle for many SMEs: 60% said that it鈥檚 the top challenge for their IT teams. What鈥檚 more, 45% have already fallen victim to a cybersecurity attack in the first half of 2024 alone.
Of these attacks, the most common vectors were phishing (43%) and shadow IT (37%). These top attack vectors are already being influenced by AI. Hackers are increasingly leveraging AI to generate and carry out phishing attacks. And with employees eager to reap the benefits of AI tools, 鈥溾 is becoming a growing problem.
In addition to accelerating existing threats, AI may be introducing some new ones. For example, generative AI raises concerns about data security, information delivery, and the potential to generate harmful or malicious output. Read more about these risks in our blog, 3 Security Implications of ChatGPT and Other Content Generation Tools.
How Are SMEs Addressing the Challenge?
In the midst of this fast change, SMEs appear resilient and adaptable. They鈥檝e demonstrated improvement and seem to be embracing best practices in many areas of security. These measures help to protect against attacks as well as provide a fallback, should one occur.
Funding
Funding appears to be a critical factor in maintaining security at SMEs. Nearly three-quarters of SME IT professionals said that future budget cuts would put their organizations at risk. Fortunately, SMEs seem to have bought into the importance of investing in IT: 77% said their budgets increased over the past year, and 70% said they expect their budgets to increase in the next six months. These investments seem to be paying off: 73% said their org is financially prepared to recover from a cybersecurity attack.
Authentication
IT teams are investing in stronger authentication methods as a means of protection against attack. For example, 67% of IT teams agree that their organization鈥檚 security posture would be stronger if biometrics were required, and more than half (66%) require it.
Staffing and Executive Confidence
SMEs seem to recognize the importance of security expertise and trust their teams to deliver. The majority of SMEs (84%) have an IT security expert on staff, and 82% of IT professionals said management respects their counsel and recommendations around IT operations.
Addressing Shadow IT
Centralized IT management can help combat shadow IT, and SMEs seem to be pursuing centralization. Nearly half (49%) say all employee accounts are managed centrally with permissions and security measures controlled by IT. Only 11% leave accounts entirely unmanaged and encourage 鈥 but don鈥檛 mandate 鈥 steps like multi-factor authentication (MFA).
However, shadow IT seems to be a tricky problem to eradicate. Over four in five (84%) of IT professionals are concerned with shadow IT. When asked why they aren鈥檛 able to address shadow IT, prioritization, visibility, and their organization鈥檚 fast pace were the top cited reasons.
Dialing Into More Data
The statistics and trends presented here are just a glimpse into the full data presented in the July 2024 edition of 探花大神鈥檚 biannual report. In the full report, 探花大神 explores critical topics for SMEs globally, including job outlook, specific attack vectors, and how larger macroeconomic trends are affecting SMEs. Download the full report.
