AI Cybersecurity for Small Business Best Practices

Written By Ryan Smith

AI Cybersecurity for Small Business

Small businesses and large businesses differ greatly in their cybersecurity needs. While both kinds of businesses require cybersecurity defenses of some form, the defenses that small businesses take will differ greatly from what large businesses take. Larger businesses may have hundreds, if not thousands of workstations, servers, cloud resources, and the like. Small businesses may have a workstation here and there, a couple servers that perform the majority of business related tasks, and a couple of cloud resources (if at all) depending on the nature of the small business. Unfortunately, the biggest problem with cybersecurity for small businesses stems from the perception of cybersecurity from both small business owners and cybersecurity vendors.

Small and medium sized business owners have two goals: to make a profit and to keep the lights on. While some business owners may have cybersecurity in mind, the majority of them are too busy with the day-to-day of the business to implement a cybersecurity strategy. In fact, a lot of them are not knowledgeable in emerging threats to their businesses or how to even begin securing their environments from cyber attacks. What compounds this issue is that a lot of owners believe that they are too small to be targeted by cyber attacks, which is definitely not the case today when every business HAS to have an online presence of some form to be successful. As experienced cybersecurity professionals already know, a business’s online presence alone can give attackers enough information to plan attacks, including the email addresses of employees, the business’s product/service offering, as well as the technologies used by the business that may have their own vulnerabilities associated with them.

What compounds this issue is that traditional cybersecurity vendors know the priorities of small businesses and realize that there’s not much profit to be made from businesses where cybersecurity isn’t a huge concern. Therefore, it makes more sense for vendors to market their offerings to larger businesses that actually invest in cybersecurity. Ironically, the combination of these actions by small business owners and cybersecurity vendors lead to a lack of market options for small businesses when they’re the ones that need them the most.

Now let’s talk about Managed Server Providers (MSPs) and Managed Security Service Providers (MSSPs). Some small to medium businesses choose to outsource their IT/cybersecurity functions in order to gain better cybersecurity without having to do it themselves. Managed Service Providers and Managed Security Service Providers provide this service by bridging the gap between small businesses and their IT/cybersecurity needs. MSPs focus on IT/cybersecurity needs as a whole for small businesses while MSSPs focus primarily on their cybersecurity needs. Depending on the maturity of the small business, one may be better than the other. There are plenty of these kinds of providers in the market for small businesses to choose and is a great way for them to better secure their business assets at (relatively) affordable prices. However, the biggest issue with MSPs and MSSPs is not with the providers themselves, but rather making small business owners realize that they actually need cybersecurity in their businesses. All of the MSP and MSSP offerings in the world won’t make a difference if owners don’t believe they have a need for them.

The rise of AI presents an interesting twist to this narrative, as it’s currently being painted as the ultimate solution for everything. While this is definitely false, AI can definitely help small businesses with their cybersecurity. The large amount of interest towards how AI can improve businesses will undoubtedly make its way down to small businesses owners who will see how they can use it themselves, which can lead to seeing how it can be used for cybersecurity purposes. Unfortunately, AI has turned into a buzzword as of late and its usage has been used primarily for marketing purposes. Not all AI solutions are created equal, and it would be wise of small business owners to understand the reality of AI in its current state as it applies to cybersecurity and how it would work in small and medium sized businesses.

How AI Can Enhance Cybersecurity for Small Business

Let’s take a minute to do some level setting for AI. Simply put, the most promising aspects of AI cybersecurity for small business today is enhanced anomaly/threat detection as well as being able to summarize large amounts of data. Yes, that’s about it. This isn’t to say that it won’t get better for small businesses (it obviously will), but it’s not a silver bullet that can solve all of the main cybersecurity issues that small businesses face today. Social engineering will still be a primary attack vector. Vulnerabilities will still exist in infrastructure that will need to be patched. There will still need to be ways to inventory what systems and resources are on your network so that they can be secured. AI should not be thought of as a panacea for cybersecurity, but rather a way to augment existing cybersecurity tools so that they can better perform their existing tasks. Now that the level setting is complete, the good news is that existing cybersecurity solutions are more than adequate to handle the needs of today’s small businesses. 

If a small business is a mom-and-pop shop, then their digital assets may include email, a computer, and a WiFi network where they connect to the internet. Fortunately, a lot of these assets already have built-in protections that already utilize AI in some form (e.g. spam/phishing protection for Gmail, Windows Defender, guest network access for WiFi, etc.), so small business owners would technically already be using AI to secure their small business. The best things that these business owners can do is making sure the existing cybersecurity measures are enabled for their devices, utilize strong passwords (and not reuse them in multiple places), and being sure to double check whether their email and phone correspondence is legitimate to avoid falling victim to social engineering attacks. To summarize, mom-and-pop shops would benefit more from following basic cybersecurity hygiene as opposed to implementing the latest and greatest AI technology. 

If a small business has employees, then the same principles apply as the mom-and-pop shop, but scaled up. Depending on the size of the small business, the business owner may consider utilizing an MSP or MSSP to handle their IT and cybersecurity. If the small business has an in-house IT team, then the owner can consider tasking them with getting EDR and identity management solutions (which can incorporate their own AI), but having an MSSP handle these issues may be the better choice here depending on the cashflow of the business. Similarly, if the business performs most of their activities in the cloud, there would need to be some investment in cybersecurity on that front in terms of the proper security configuration of the cloud services being used.

If you haven’t noticed, there have been no recommendations for AI solutions in this blog post, but it instead shows how having a cybersecurity strategy and basic cybersecurity measures can enhance your defenses much more than focusing on the AI portion of a cybersecurity product. In short, AI cybersecurity for small business should focus more on the “cybersecurity for small business” and less on the “AI” part, especially because most existing cybersecurity solutions either have varying degrees of built-in AI or meet the needs for most small business owners even without the use of AI. 

Using AI For Your Small Business Cybersecurity Data

If there exist small and medium sized business owners out there who are gung-ho about utilizing AI in their cybersecurity programs, then the place to do that would be within their logging data. Assuming you’re following cybersecurity best practices, these logs should already be in your SIEM and will be coming from your endpoints, network devices, servers, and cloud resources. There’s a lot of information that can be obtained through log analysis. From a cybersecurity perspective, you can perform your own threat hunts and user behavior analytics solutions with the right AI expertise. If you prefer to use a product to perform these tasks, just know that you’ll have varying degrees of success with them, as not all AI products are created equal. Here are some questions that can be asked of vendors in order to determine whether the AI in a product is appropriate for your small business:

  1. Can you elaborate how this tool utilizes artificial intelligence?

  2. Can you describe how the models that this tool uses are trained?

  3. Do the models use basic statistical algorithms or do they use deep learning algorithms?

  4. How do we feed the solution data?

  5. Do the models get better as they’re used over time?

  6. Are there any extra costs for onboarding new data into the tool?

  7. Will the prices change for my usage of the tool over time?

  8. How does this tool handle sensitive data?

Keep in mind that you must collect data in your environment before performing any in-house AI cybersecurity related tasks, so be sure to perform this critical step first!

Next Steps in AI Cybersecurity for Small Business

Hopefully this post has illustrated the importance of cybersecurity in small and medium businesses as well as following cybersecurity fundamentals before jumping into any AI solutions. AI should be used as a tool to enhance and improve a business’s current cybersecurity posture and not as a substitute for a cybersecurity strategy. If you’re interested in seeing how AI can help your cybersecurity perform better threat detection without having to invest in entirely new tools, check out QFunction’s AI-based threat hunting! If you’re interested in better securing specific users or systems in your environment, check out QFunction’s targeted user behavior analytics solutions! If you’re a small business looking to start collecting logs in your environment, check out QFunction’s SIEM Setup & Consultancy! And if you’re curious how AI can be used to find network beacon, check out our post on network beacon detection using math!

Ryan Smith
Previous

Talking to Your SIEM Using a Large Language Model
Next

Automated Threat Hunting for Network Beacons Using Zeek and Math