MSSP, MSP, Managed Security Services, Endpoint/Device Security, Security Management, Cybersecurity insurance, AI benefits/risks, Generative AI, Attack surface management, Identity, Data Security, Incident Response, Phishing, SOC, Exposure management, Threat Intelligence

AI is turning insider threats into an MSSP opportunity

AI agent data tools and workflow automation concept with businessman typing on laptop and interacting with digital process interface for artificial intelligence development, integration, productivity

Insider threats have been a problem for companies since computers became a staple in the workplace, and the risks have grown since. The threat to corporations has expanded rapidly, with the shift to more remote and hybrid work driven by the pandemic and, later, the introduction of generative and – now – agentic AI.

Whether it’s from negligent workers or malicious employees, the cost to enterprises is enormous. According to SentinelOne, the annual cost of insider incidents this year will cost organizations on average $19.5 million, a 20% increase in two years, with shadow AI attacks being the biggest driver.

About 55% of the incidents are linked to negligent insiders who fall for phishing scams, lose company devices, or inadvertently misconfigure databases. Contractors and business partners account for 15% to 25%, with much of the rest linked to malicious insiders making up most of the rest.

“Sometimes the people you trust and who are closest to you betray you in the worst possible ways,” the company wrote in May. “Malicious insiders have existed for decades, and they aren’t going down in the cloud security and cybersecurity worlds.”

The ongoing rise of insider threats has fuelled a fast-growing employee surveillance and monitoring market that is expected to grow from $719.8 million this year to more than $1.7 billion by 2034, with a range of vendors whose technology tracks everything from productivity and time to security and threat detection.

Detecting insider threat

Among the top vendors in the latter category is Teramind, a 12-year-old company that helps organizations with detecting insider threats, preventing data loss protection (DLP), and tracking on-screen activity. It can be controversial, with WorkWatch Insights noting that when JPMorgan this year was found to be monitoring its junior bankers – tracking their keystrokes, video calls, and meetings – the pushback from workers was immediate.

“The case crystallized a tension that is reshaping workplaces globally: the collision between AI-powered surveillance capabilities and the human need for autonomy and trust,” the company wrote.

Alexandra Courson, vice president of MSP and channel at Teramind, said employee monitoring technology has been controversial, but in the age of AI, that seems to be fading as the number of incidents rises along with the risk that the technology brings and the cost to companies.

“We help organizations understand what's happening inside their environments before it becomes a breach or a loss event or data exfiltration happens,” Courson told MSSP Alert.

AI is a game-changer

MSPs and MSSPs are playing an increasingly important role.

“It's a huge opportunity because their clients are asking for it and it's changed enormously in the last few years, where this used to be the elephant in the room that nobody wanted to talk about because you either had a camp of, ‘We trust our people implicitly and then, oops, we got hit,’ or ‘We locked down everything and we don't trust anybody,’” she said.

The industry has hit a point where there’s little control over AI – particularly with AI agents – and over what employees are doing from a compliance standpoint, she said. It’s brought the idea of employee monitoring into the light, where it can be discussed openly.

MSSPs and MSPs have to decide how to navigate it all. Not only is there an opportunity to help clients clearly see what’s going on inside their companies and where the insider threats may lie, but they also have to figure out how they’re going to manage as AI adoption grows. Courson sees it like a three-part play.

MSSPs have skin in the game

There’s an immediate need to put controls and governance around how people are accessing AI, the data models are being fed, and how agents are using the data. With all of this, there’s a shift in people’s roles. They’re increasingly managing AI rather than employees, which means guardrails and governance are needed.

The AI-driven changes in workers’ roles mean that MSSPs not only need to help clients, but also to navigate the shifting waters to protect their own businesses.

“What we're going to start seeing is there is less of a need for people to be pushing the buttons and doing the things because you're going to start seeing people managing AI,” she said. “If AI is taking those jobs, you're either leveling up with the same number of employees or you have fewer employees. What that means to the MSSPs is a direct reflection on their profit margin, because all of a sudden, they've got fewer seats. They've got people to be putting controls on.”

Courson said, “What we have to do now is understand that this is not just a tech stack issue and a governance issue. It is now a 'How do we manage the project to see what's happening for forward motion and growth to ensure that not only the MSSP is solvent, but their clients are still profitable, and we're doing it without a race to the bottom on profit margin, but we're doing it with a more strategic approach'.”

A hard channel push

MSSPs that can produce a strong insider threat program are successful with it, but it takes education and a cultural shift for many organizations, she said. It tends to start with MSSPs that have more government contractors and clients that work with enterprises and governments, organizations that need to have insider threat programs. Then it trickles down to SMBs.

Teramind is making a hard push to bring more MSSPs and MSPs into the company. Courson said the vendor, which has about 2,000 channel partners, has created an insider threat program that includes certification and assistance for service providers “because we know that this is not something that they just grew up knowing.”

The company has a channel partner program that it initially launched in 2018 and then expanded in 2023 with Partner Program 2.0, giving MSSPs, MSPs, and resellers upgraded tools and behavioral analytics solutions. In April, Teramind announced a distribution agreement with Ingram Micro, making its platform available to Ingram’s network of MSPs, resellers, and VARs.

Teramind also offers partners strategic sales support, collaboration on marketing initiatives, and access to such resources as the partner program and not-for-resale (NFR) licensing.

Ensuring 'the buzz is out there'

The company has put a lot of effort into courting resellers and distributors over the past two years, Courson said, noting that I wouldn't be on staff over here if they were not putting a full-court press effort into the channel.”

“Right now, our main focus is introducing this as an option,” she said, adding that they are talking with MSPs and MSSPs and getting into the more popular marketplaces for the service providers. They are “making sure that the buzz is out there. Because right now, the public is kind of clamoring for a solution. They just don't know what that solution is, so this is our avenue to get there. We're being very, very loud in the channel at the moment.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.

You can skip this ad in 5 seconds