AI – Things to Know

During a recent industry webinar by a leading anti-virus vendor, some very interesting data was shared regarding AI and how it’s being used. Most of the focus was on things Managed Service Providers should know and do (that’s us). There were some interesting takeaways that we thought we’d share with you, too.

The most common time of day for bad actors to attack is the middle of the night! They love 1:00 to 5:00 am when no one is working. These people are more efficient than ever. They can get in an environment, do their damage, and get out before anyone receives any alerts or notices anything is ‘off.’ They’re patient—getting into the environment whenever—then waiting for a middle-of-the-night window. They launch their payload, gather what they want, and get out before the lights go on at the office and anyone can notice something is wrong.

Someone, probably several someones, is using AI at your company. Thinking back to the pandemic, people got creative, opening personal DropBox accounts just to make things happen, without thinking about access or security. Everyone made choices just to get by. The same thing is happening with AI which means you have to consider security risks for the various things people are trying. If you’re not directing what they should do, or asking what they are doing, the company could be at risk, intentionally or unintentionally. Consider guidelines for Zero Trust, Claude, ChatGPT, Copilot and others.

At a minimum, companies should have Endpoint Detection and Response (EDR) in place as a first line of defense.

Hackers are using AI, too, including Agentics which can scale and perform tasks, and tools that require minimal intervention once they’re in the environment. –CMW