Easier access, AI open ‘floodgate’ of cyberthreats to businesses

This paid piece is sponsored by Direct Companies.

The days of a single hacker in a basement are over.

In their place, a complicated web of bad actors has emerged, driven by easier access to disruptive cyberthreat tools and supported by the growth of artificial intelligence.

“The floodgates have opened,” said Dorin Hemmelman, lead security adviser for Workplace I.T. Management.

“We’ve evolved from single-acting individuals we used to call hackers to groups of hackers that became organized crime, and now those bad actors are the ones creating tools that anyone can buy. It’s cheap, and there are going to be countless more threats because with a little cash in a country with loose cybersecurity laws, you can make decent money.”

Combine that with the rise of artificial intelligence, and the threat multiplies.

“AI brings common large language model tools to bear, making it harder to spot threats,” Hemmelman said. “So there are a lot more threat actors, and it’s a lot harder to identify when they’re targeting you, and those are two really big things to overcome.”

Workplace I.T., which became part of Sioux Falls-based Direct Companies in 2023, expanded its cybersecurity practice several years ago.

“We didn’t know exactly what it was going to look like, but we all knew it was necessary with what we felt was coming,” said Hemmelman, who leads the effort. “It still changes every day, and even recently it’s changed significantly.”

Workplace I.T. specializes in working with small to midsized businesses to support their managed IT needs. A growing part of the process is ensuring employees are attuned to potential threats. The vast majority of cybersecurity issues begin with “phishing” – generally through email – when a user inadvertently downloads malware or provides access in another way to a bad actor.

“We talk about needing to verify first and trust once you know something is legitimate,” said Joseph Gerhardt, network and system security engineer. “Users are the No. 1 target but also the best defense.”

Using an industry-leading security-awareness training solution, Workplace I.T. trains more than 5,000 of its clients’ employees each month and then provides the client with a report.

In this case, AI provides a benefit – the system is designed so that the better an employee does at catching mock threats, more difficult simulated emails will be sent.

“My favorite part is it transfers a cybersecurity mindset from a chore into something that’s kind of fun,” Gerhardt said. “It’s rewarding to spot those and helps change the way people think about it by making it something that’s engaging.”

It’s also critical training. Even with just a few hours of access to someone’s inbox, bad actors “can use that information to make real-looking emails and continue to phish people,” Hemmelman said.

“There’s a whole world of information they can harvest. If they’ve hooked someone who works in finance, we’ve seen them dig and perform searches in mailboxes for invoices, payment remittance, down payments, and often they’re not looking for any one thing. They’re just looking at who they hooked and what might be of value to them.”

But even in-depth training doesn’t ensure someone won’t slip up – especially as threats become harder to detect and email appears more and more legitimate, even if it’s not.

That’s where Workplace I.T.’s team of experts is ready.

“For the most part, we have a series of alerts and alarms that go off when we see signs of a compromised account,” Hemmelman said. “We then have procedures to lock out that account, kick everybody out that’s logged in. We have an investigation process, and then we help the user get logged in securely and get up and running.”

Workplace I.T. then will follow up with the client and determine how many accounts were affected and for how long, which determines how far an investigation needs to continue.

“We have advanced tools that give a really good look at what’s going on in computer environments,” Gerhardt said. “I’ve seen us be able to detect someone unauthorized in an email account and get them evicted and get it resolved in less than an hour. If all organizations had this technology, there’s a good chance a lot of things would be detected before they have the chance to cause problems.”

To learn more about how Workplace I.T. Management can support your organization’s IT and cybersecurity needs, click here.

Stepping up security: How cutting-edge equipment, tech can keep your business safe