Small and mid-sized businesses (SMBs) are facing a growing wave of cyberattacks, and according to Palo Alto Networks, many of those threats are now originating directly inside the browser.
During a recent discussion with eSecurityPlanet, Shivam Srivastava, VP of Product Management for Prisma Browser for Business at Palo Alto Networks, discussed the growing cybersecurity challenges facing SMBs.
He explained how browser-based attacks, AI-powered phishing, malicious extensions, and SaaS-focused fraud are creating operational and financial risks for smaller organizations.
Srivastava said modern SMB workflows are heavily dependent on browsers because employees rely on SaaS applications, AI tools, payroll systems, banking platforms, and email services that all operate through web interfaces.
He highlighted a stark reality: while 95% of businesses have reported attacks in the browser, the stakes are highest for small businesses. Research indicates roughly 20% of which close their doors permanently after a major cyberattack.
Key Takeaways on SMB Risk
- Browser-based attacks are becoming a major cybersecurity risk for SMBs.
- Attackers are using AI-generated phishing campaigns to create highly personalized scams targeting payroll, banking, and business communications.
- Malicious browser extensions, SaaS abuse, and risky AI tool usage are expanding the attack surface for smaller organizations.
- SMBs often struggle with limited security staffing, fragmented tooling, remote work, and unmanaged devices.
- Shivam recommends using browser protection solutions, employee awareness training, MFA, and better visibility into sensitive data access.
AI Is Making Phishing Faster and More Personalized
Srivastava explained that phishing attacks have evolved significantly with the rise of large language models (LLMs) and AI-generated content.
Traditional phishing campaigns often relied on poorly written messages, obvious templates, and static malicious URLs that could be blocked using basic filtering techniques.
Today, attackers are using AI to create highly personalized phishing messages that mimic legitimate business communications.
He described examples where SMB owners receive emails appearing to come from newly hired employees requesting direct deposit changes or payroll updates.
According to Srivastava, attackers are increasingly monitoring public sources such as LinkedIn to craft convincing and targeted phishing campaigns in real time.
He also noted that AI allows threat actors to rapidly generate and tear down phishing infrastructure, including domains and malicious websites, within minutes.
“These are things that are very targeted,” Srivastava shared, adding that traditional security tools relying on static URLs or templates are becoming less effective against modern AI-assisted phishing campaigns.
Browser Activity Is Expanding the Attack Surface
Beyond phishing, Srivastava identified several browser-related risks increasingly affecting SMBs, including malicious downloads, malware delivered through browser sessions, risky AI application usage, credential theft, and malicious browser extensions.
He explained that many employees unknowingly create risk by moving quickly between applications, downloading extensions, or uploading sensitive information into AI tools without understanding the security implications.
One example involved a healthcare-related customer where an employee uploaded sensitive patient information into an AI application to automate patient email generation.
Srivastava said these types of incidents are becoming more common as employees prioritize productivity and convenience.
He also warned that AI-powered browser extensions and agentic browser tools are introducing new risks.
Some extensions may harvest sensitive information, while others can become compromised over time or allow prompt injection attacks that manipulate browser behavior.
According to Srivastava, browsers themselves are evolving from passive tools into active agents capable of taking actions automatically, which could expand the attack surface for SMBs.
Why SMBs Remain Attractive Targets
Srivastava said SMBs often struggle because traditional cybersecurity products were largely designed for enterprises with centralized infrastructure, dedicated security teams, and tightly managed environments.
In contrast, SMB environments are often decentralized, highly fluid, and heavily dependent on contractors, remote work, SaaS applications, and unmanaged devices.
He noted that many small businesses also struggle with cybersecurity complexity, fragmented tooling, and limited staffing.
According to Srivastava, SMB leaders are often overwhelmed by the number of available security products and cybersecurity acronyms while still lacking confidence that their organizations are adequately protected.
Practical Security Recommendations for SMBs
While many SMBs face budget and staffing constraints, Srivastava emphasized that organizations can still improve security posture by focusing on foundational controls.
He recommended that businesses first gain visibility into where sensitive data resides, who has access to it, and how employees are accessing applications and services.
He also stressed the importance of employee awareness, particularly around phishing, malicious downloads, and risky browser behavior.
According to Srivastava, SMBs should consider secure browser technologies that can embed security protections directly into employee workflows, alongside prioritizing strong credential hygiene and deploying multi-factor authentication (MFA).
“If you do nothing else, but just ask your employees to start using a secure browser, you’ll be much better off than you were yesterday,” Srivastava said.
