Cybersecurity Overhaul: AI, Ransomware, and 400M Fewer Windows PCs Challenge SMBs in 2025

[00:00:02] It's Friday, June 27th, 2025, and I'm Dave Sobel. Three things to know today. AI and Ransomware are redefining SMB cybersecurity, forcing a total rethink of endpoint and browser defense. Microsoft and vendors pivot toward resilience as a competitive differentiator. 400 million Windows PCs disappear, signaling a shift in user-device strategy. And AI's second-order effects from elections to education are sparking ethical and business challenges.

[00:00:30] This is the Business of Tech. In 2025, small and mid-market businesses are facing a critical cybersecurity landscape, characterized by the dual threats of advanced artificial intelligence tool and a resurgence of ransomware attacks. As highlighted by TechIsle, the democratization of AI is enabling cybercriminals to execute sophisticated phishing campaigns and impersonation tactics,

[00:00:54] while ransomware-as-a-service platforms are facilitating multi-pronged extortion strategies that threaten data integrity and reputational security. Analyst Insights revealed that the traditional security measures are becoming obsolete, and organizations must adopt enterprise-gauge solutions like unified security platforms and zero-trust frameworks to safeguard their operations.

[00:01:14] With 95% of security incidents linked to browser vulnerabilities, the introduction of secure browser technologies is expected to play a vital role in enhancing defenses. Hundreds of model context protocol servers on the web are currently misconfigured, exposing users of artificial intelligence applications to significant cyber threats, including sensitive data leaks and remote code execution attacks.

[00:01:39] Researchers from Backslash Security have identified over 15,000 of these servers worldwide, with approximately 7,000 publicly accessible and about 70 showing critical vulnerabilities. The misconfigurations often allow unauthorized access to internal data, raising concerns about security practices as these technologies are rapidly adopted.

[00:02:00] According to the Chief Technology Officer of Backlash Security, the specifications for these servers are still being defined, resulting in inadequate security measures. As organizations increasingly use model context protocols, the risks linked to their implementation are becoming more serious, demanding focus on security best practices to protect sensitive information.

[00:02:21] A recent report from Tenable shows that nearly one in 10 publicly accessible cloud storage buckets contain sensitive data, with a large portion labeled as confidential or restricted. Despite advancements in security measures, researchers found that Amazon Web Services' Google Cloud Platform and Microsoft Azure still have vulnerabilities in their cloud setups that could reveal secret information.

[00:02:45] The report points out that while over 80% of organizations using AWS have enabled identity checking services, sensitive data was found in 54% of elastic container service task definitions and 52% of Google Cloud-run environment variables. Additionally, more than a quarter of Amazon Web Services users were storing sensitive information in user data, raising worries about potential security breaches.

[00:03:09] Tenable also noted a decrease in the number of organizations with critically vulnerable cloud instances, but stressed that the presence of these toxic cloud trilogies remain a serious concern for cloud storage users. In a significant decline, 400 million Windows personal computers have vanished in the past three years, leaving the total number of active devices below one billion. This drop represents more than a quarter of the installed base, according to data from Microsoft,

[00:03:37] which reported 1.4 billion active devices in January of 2022, a stark contrast to the current figure. The trend suggests a shift in consumer behavior with many opting for mobile devices and tablets instead of replacing aging PCs. Microsoft executive Yusuf Mehdi indicated that while Windows remains the most widely used operating system, the consumer market for personal computers has diminished significantly.

[00:04:03] The implications of the upcoming end of support for Windows 10 in October 2025 may further influence the trend as users may choose not to invest in new devices. Now why do we care? 400 million fewer active Windows PCs is not just a consumer shift, it reflects a broader change in endpoint strategy. And the traditional perimeter is gone and even the desktop is fading. Whether it's AI workloads, ransomware targeting browsers, or cloud platforms leaking secrets,

[00:04:33] the common theme is that trust boundaries have dissolved. For providers, this is not just a technical shift, it's a business model reset. Security must be consultative, layered and continuously validated, not transactional. Cloud must be configuration-aware and compliance-aligned. AI must be treated like code, not magic. It needs its own security scrutiny. And endpoint strategies must move beyond device management to user and data control across platforms.

[00:05:03] The providers who internalize this and build offerings aligned with risk reduction, not just uptime, will own the next chapter of the S&P Tech stack. Are you and your clients tired of the time-consuming ticket tennis of coordinating meetings and help desk calls? Wouldn't it be better to automate this process with a tool that connects directly to ConnectWise Manage or Autotask?

[00:05:31] TimeZest offers scheduling automation that gives you complete control of your schedule and eliminates the hassle of calendar ping pong. As the only service designed specifically for MSPs, it integrates into your workflow and makes scheduling appointments easy on you and your clients. Plus, you can try TimeZest for free.

[00:05:54] Visit TimeZest.com slash MSP Radio and use the code MSP Radio to get 10% off your first year of TimeZest. Microsoft has announced new security measures aimed at preventing incidents similar to last summer's CrowdStrike meltdown, which caused billions of dollars in damages by disrupting critical systems worldwide. The company will implement a significant change by moving third-party security drivers out of the Windows kernel

[00:06:22] to enhance reliability and reduce the risk of catastrophic crashes. These changes will be rolled out in July, starting with a private preview for select partners. Additionally, the update will introduce features like Quick Machine Recovery, which automates fixes for devices stuck in restart loops, and improvements to the crash report process, significantly reducing downtime. The new architecture aims to enhance overall system stability while addressing previous vulnerabilities that led to widespread disruptions.

[00:06:51] The transition to this new framework will require time and rigorous testing, and not all partners have committed to moving their drivers out of the kernel space. Microsoft is offering Windows 10 users a way to continue receiving support even after the end of support date in October 2025. For the first time, users can purchase a year of extended security updates for $30, or redeem a thousand Microsoft Rewards points.

[00:07:16] This extended security update program will provide bug fixes, security updates, and technical support until October 2026. While users can continue using Windows 10 without paying for the updates, they will not receive major updates after the deadline. Microsoft is also committed to delivering security updates for Microsoft 365 applications and Windows Defender antivirus until October 2028.

[00:07:40] The enrollment process for these updates is set to begin in July, with broader availability expected by mid-August. ActionOne has launched a new patch management platform designed specifically for managed service providers, offering a scalable free tier for up to 200 endpoints. The platform, named ActionOne for MSPs, aims to improve patch reliability and address common challenges faced by providers, such as fragmented visibility and outdated scan data.

[00:08:07] The new platform utilizes peer-to-peer patch distribution to reduce bandwidth usage, allowing devices on the same network to share updates. GUARDS has introduced a new identity threat detection and response capability to enhance its unified managed detection and response platform. The feature gives improved visibility into user behavior and identity-driven attacks across platforms such as Microsoft 365 and Google Workspace.

[00:08:33] GUARDS aims to fill visibility gaps by detecting tactics such as token theft and mailbox takeovers. The new service offers customizable response workflows, allowing providers to maintain control during incident responses, and is designed to support their unique engagement styles. Barracuda Networks has launched a new service called Managed Vulnerability Security, designed to help organizations identify and prioritize cybersecurity vulnerabilities.

[00:09:00] This fully managed service leverages Barracuda's Global Security Operations Center to provide comprehensive vulnerability scanning and reporting across networks and cloud infrastructures. Reports include an audit summary and a prioritized remediation plan. Spectra has launched its Certification of Resilience for Managed Service Providers, a certification tied to performance outcomes and insurance qualification.

[00:09:25] The certification is company-based, meaning it is not reliant on individual personnel, thus ensuring continuity in expertise. Certified Managed Service Providers will have access to preferred insurance providers, which could enhance their market position and streamline insurance underwriting. Why do we care? Well, the real trend here is structural resilience becoming a differentiator. Microsoft is, finally, hardening the foundations of Windows security. Vendors are delivering platform features that reduce operational friction.

[00:09:55] And business model innovations like Spectra certification are positioning resilience as a competitive and insurable asset. Providers who position themselves as resilience architects will have an edge. This requires more than offering patching or identity monitoring. It means aligning services, architecture, and risk planning into a cohesive strategic offer. Beware of shiny objects. Focus on bulletproofing client operations and being able to prove it.

[00:10:24] This set of Friday Big Ideas has a bit of a theme to consider. In Business Insider, Salesforce Chief Executive Officer Mark Benioff has stated that up to 50% of the company's work is currently being performed by artificial intelligence. It raises significant questions about the future of Salesforce's workforce, which numbered over 76,000 employees as of January 2025. And in a recent discussion, Senator Bernie Sanders suggested that if artificial intelligence is as transformative as claimed,

[00:10:54] then workers should benefit from a reduced 30 hour work week. Sanders argues that technology should enhance the lives of all workers, not just corporate executives, emphasizing the need for more time for personal pursuits and family. All this conversation may not be all great as the New York Times highlights how artificial intelligence is increasingly undermining democratic processes around the world, with evidence from over 50 countries indicating its disruptive influence in elections.

[00:11:22] A report by the International Panel on the Information Environment found that in 2024, artificial intelligence played a significant role in more than 80% of elections surveyed with 215 documented instances of manipulation. And it may not be great in education either.

[00:11:38] A recent study from the Massachusetts Institute of Technology's Media Lab indicates that students who relied on ChatGPT for writing tasks exhibited lower brain engagement and creative output compared to their peers who wrote without assistance. In the study, 54 participants aged 18 to 39 were divided into three groups. One used ChatGPT, another used Google search, and the last wrote without any tools.

[00:12:05] The ChatGPT group produced essays that lacked originality and depth, with researchers noting a decline in engagement over time. In a related note, a study from Pew Research indicates that around 25% of US teenagers have utilized AI tools for schoolwork, reflecting a growing trend in educational technology. The MIT paper is still awaiting pure review. And second-order effects include unexpected impacts, and here's one I didn't call.

[00:12:33] Fan fiction writers are coming together to defend their work from being used without permission. Recently, over 12 million fan fiction stories were scraped from the online repository Archive of Our Own and uploaded to a public dataset, causing outrage among the fan community. Fan fiction writers, who usually operate within a gift economy and do not make a profit from their work, argue that their creations are being exploited to train generative AI models.

[00:13:00] The Organization for Transformative Works, which manages Archive of Our Own, has taken steps to protect user content, but problems remain, as some scrapers continue to upload fan fiction to less regulated platforms. But I won't make it all a bummer. From Information Week, shadow IT, often seen as a security risk, might actually act as a driver for innovation within organizations.

[00:13:25] As unauthorized technology use grows, especially with artificial intelligence applications, IT departments are encouraged to shift their focus from stopping it to managing it. A recent report by Sky High Security showed that companies are using over 320 unapproved AI applications, with traffic to these tools increasing by 200% last year.

[00:13:47] Additionally, a survey from Harness indicated that only 48% of developers use IT-approved AI tools, revealing a large gap between business needs and technology solutions. Experts recommend that organizations should view shadow IT as an opportunity to find and expand effective tools, rather than imposing strict rules that could worsen covert usage.

[00:14:09] By creating an environment where employees can use innovative tech solutions, businesses can improve resilience and gain a competitive edge in the fast-changing digital world. Now why do we care? Benioff's comment is the tell. We're still in the AI hype phase, where big claims are designed to stimulate demand, not reflect reality.

[00:14:31] If 50% of your work is AI-driven and nothing changes structurally in your company, either you're overstating impact or hoarding gains. Sanders' position, while politically loaded, is more practical. If AI raises productivity, it must be translated into time, compensation or well-being for workers, too. Otherwise, backlash is inevitable. Because unlike Benioff's claims, the New York Times reports that AI disrupted more than 80% of elections globally last year.

[00:15:01] That's not hyperbole. It's based on 215 documented manipulation incidents across 50 countries. AI can enhance operations, but unregulated use actively threatens stability. While the MIT paper is pending peer review, it highlights a critical question for educators and employers alike. Are we training a generation to think less deeply? And the fanfiction example isn't a fringe issue. It's a bellwether for future content disputes across industries.

[00:15:31] For IT services firms managing compliance or advising on ethical data use, client policies around AI data sourcing are about to become a lot more relevant. For providers, this underscores two imperatives. Build trust by helping clients manage the messy reality of AI. Ethics, compliance, creativity loss, and shadow tools. And push back on inflated AI vendor claims. Your credibility comes from honest assessment, not hype adoption.

[00:16:02] Today's episode is supported by Huntress. Most cybersecurity solutions are built for massive enterprises with big budgets. Not Huntress. They're the fully managed cybersecurity platform built for all businesses, not just the 1%. Huntress purposely builds security solutions like EDR, ITDR, SIM, and security awareness training to equip their team of elite threat hunters to handle the heavy lifting of security for you.

[00:16:28] When threat actors strike, Huntress' 24x7 Global Sock shuts them down before they're even on anyone else's radar. But they do more than just chase alerts. They lead the charge in industry research and knowledge, bringing expert protection and peace of mind. That's why users on G2 rate their EDR number one for growing businesses. To see how their expert threat hunting team gets the job done, visit Huntress.com slash MSB Radio.

[00:16:59] Thanks for listening. It's National Orange Blossom Day, National Onion Day, and National Women's Fly Fishing Day. Guys, you stick to your onions. Join me for a webinar sponsored by ThreatDown, AI's Dark Side, What Every MSP Needs to Know. Visit bit.ly slash ThreatDown to register for that one. A programming note, I'll be taking time off next week leading up to the July 4th holiday, so you get some great interview episodes next Monday, Wednesday, and Friday.

[00:17:27] Or join me next Wednesday for a webinar sponsored by Nerdio, Modern Endpoint Management with Intune, What Works and What Doesn't. Visit bit.ly slash Nerdio webinar to sign up for that one. Talk to you again after the holiday. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly.

[00:17:56] Give us a review too. If you want to support the show, visit patreon.com slash MSP Radio and you'll get access to content early. Or buy our Why Do We Care merch at businessof.tech. Have a question you want answered? We take listener questions, send them in, ideally as a voice memo or video to question at mspradio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn.

[00:18:24] If you've got a comment or a thought on a story, put it in the comments if you're on YouTube or reach out on LinkedIn if you're listening to the podcast. And if you want to advertise on the show, visit mspradio.com slash engage. Once again, thanks for listening and I will talk to you again on our next episode. Part of the MSP Radio Network.