COMMENTARY: We keep talking about smarter attacks, AI-driven phishing, and nation-state tactics, but when you trace most incidents back, they still come down to the same gaps: identity, patching, and user behavior. This is about operationalizing the basics at scale. Security providers need to stop relying on users to “do the right thing” and instead enforce it through policy, automation, and tightly integrated platforms. That’s also where margin and differentiation come from. Reducing exposure across customers through fewer weak credentials, faster patch cycles, and clearer visibility into activity enables security providers to deliver a measurable security outcome. And that’s ultimately what customers are buying today.
From zero-days to nation-state campaigns, it’s tempting to think automation is making attacks more sophisticated. In reality, bad actors are finding better ways to identify backdoors at scale. The result is breaches that, more often than not, still trace back to human lapses like weak passwords, unpatched devices, or clicked links.
In other words, we’re not losing the security battle to masterminds but to the basics. For security providers, there’s a clear opportunity to step in, centralize security policy enforcement, and close off the straightforward entry points that too many organizations leave exposed.
Poor cyber hygiene and preventable attacks
Despite the pace of technological change, most breaches still come down to low-hanging fruit.
Human risk remains the top cybersecurity challenge, with 8% of employees responsible for 80% of incidents—typically due to fatigue, distraction, or phishing, rather than intent.
There’s also a persistent issue with poor cyber hygiene.
As cybersecurity expert Chuck Brooks recently noted at Hexnode Live, “1234” remains one of the most common passwords. He also shared an example of a major surveillance system that stayed vulnerable for a decade because the password was the organization’s name. These failures sit at the intersection of technical gaps and human behavior, and they are preventable with the right guardrails.
The need for automated ecosystem orchestration
We’re entering an era where automated attacks can outpace human response.
Microsoft reports that AI-generated phishing messages are more than four times as likely to be opened and acted upon as those written manually. Keeping up becomes difficult when familiar attack methods are amplified by automation.
Defensive automation can help close that gap. Tools that enforce password policies, deploy patches, and manage access controls allow security providers to systematically eliminate common entry points rather than relying on end users to do the right thing every time.
This matters even more as providers increasingly act as the last line of defense.
A large percentage of SMEs rely on MSPs, with many fully outsourcing IT management. That shifts responsibility to the channel to stop threats early, and automated enforcement is one of the few ways to do that at scale.
Smarter tech stacks and stopping simple breaches
To respond effectively, security providers need to build tech stacks around complementary controls. Start with centralized management to reduce human error. Unified endpoint management (UEM) helps enforce password policies, secure device configurations, and push updates during off-peak hours. That reduces exposure to weak credentials and known vulnerabilities.
From there, visibility becomes critical. Extended detection and response (XDR) provides a unified view of threats across environments. Combined with UEM, it creates a feedback loop between proactive management and real-time response, making it easier to detect and investigate anomalies.
Scale works both ways. Security providers manage multiple clients, which gives them insight into emerging attack patterns. That visibility can be used to strengthen defenses before issues spread. At the same time, automation isn’t limited to attackers. AI is already helping technicians query systems, execute actions, and resolve tickets faster, improving efficiency without increasing headcount.
Attacks may be getting smarter, but breaches largely remain predictable. Security providers that enforce the basics at scale are better positioned to eliminate simple vulnerabilities and manage the most persistent risk in any environment: human behavior.
MSSP Alert Perspectives columns are written by trusted members of the managed security services, value-added reseller and solution provider channels or MSSP Alert's staff.