AI and Ransomware Top the List of Mid-Market IT Cyber Threats

AI and Ransomware Top List A recent report reveals a significant discrepancy in the priorities of mid-market IT departments when it comes to addressing cyber threats.

It's somewhat ironic that IT professionals find themselves entangled in a logical paradox when responding to surveys, as demonstrated by Node4’s Mid-Market IT Priorities Report 2024. This report sheds light on the fact that two of the top three cyber threats concerning mid-market IT departments are AI-based threats and ransomware, with insider threats ranking as the primary concern this year.

Let’s break these two down a bit:

AI-Related Threats – Nearly every example of AI used for malicious purposes by cybercriminals is in the form of helping write phishing content, scripts and finding intelligence about or vulnerabilities within specific technologies. There’s a great example list from OpenAI of actions taken by five separate threat groups.

So, if the output of AI use is phishing emails and malicious scripts, it stands to reason that phishing is likely going to be a big problem in the future, right?
Ransomware – With such a material portion of ransomware attacks starting with phishing, it seems like the best course of action is to try to prevent it. And as a secondary strategy, have an ability to quickly recover operations.

Now play those two forward for the IT pro: what should they be doing next to prepare for their top perceived threats?

Probably solid protection around phishing, great detection on endpoints and servers, and a lock-tight disaster recovery strategy, right?

But then the report goes on to highlight the cybersecurity offerings in place to “tackle” the threats. Take a look at the chart below:

3-1-24 Image

Source: Node4

The number one offering to (I’m assuming) address ransomware and AI threats is cyber insurance. Not email scanning, DNS filtering, endpoint protection, security awareness training, or any type of proactive measures. It’s good to see incident response, but then we read ransomware negotiation – it feels like these IT organizations have simply given up.

If you're truly concerned with dealing with any kind of cyber threat, the answer lies in putting up effective defenses to minimize the risk of a successful attack – a defense that should include security awareness training.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here's how it works: