AI in cybersecurity: How businesses can navigate cyber challenges
AI-powered cyberattacks are targeting small businesses in increasingly dangerous ways. Learn how to protect your company from these evolving threats.
The cybersecurity landscape has transformed dramatically since the launch of ChatGPT in November 2022.
Artificial intelligence now plays a big role in both attack and defence strategies, creating what experts call a “digital arms race”.
For small and medium businesses, understanding this evolving landscape is essential. In this article, we’ll help you to do that.
Here’s what we’ll cover:
The rise of AI-powered cyber threats
Today’s cybercriminals have sophisticated AI tools at their disposal. Instead of the obviously suspicious “Nigerian prince” emails of the past, attackers now deploy AI to craft personalised, grammatically perfect messages that can fool even the most vigilant employees.
“As society becomes fascinated with AI tools like ChatGPT, cybercriminals take advantage by maliciously leveraging this shiny new technology to its full potential, causing severe damage across organisations,” explains Carl Froggett, chief information officer of cybersecurity firm Deep Instinct.
“To defend against AI-generated threats, you need the same calibre of response, using next-generation AI to stay one step ahead.”
The numbers tell a sobering story.
According to recent data, 25% of small business owners report being targeted by scams involving generative AI, such as AI-written emails or deepfake impersonations.
These represent existential threats to your business.
3 AI threats your business should understand
1. Enhanced phishing and business email compromise
AI tools have revolutionised phishing attacks.
Cybercriminals now use large language models to automatically generate convincing emails that sound professional and contextually relevant.
These messages often lack the typos or odd phrasing that gave away scams in the past.
Real-world impact
In October 2023, a family-owned business in Australia lost $1.2 million when their accounts manager was duped by someone who perfectly mimicked a bank officer’s voice and knew recent payment details.
The theft nearly bankrupted the company.
2. Deepfake scams and voice cloning
Perhaps the most alarming development is the rise of deepfakes—artificial but realistic voices, images, or videos that impersonate real people.
Voice cloning tools can recreate a person’s voice from just a few seconds of audio, while video deepfakes can superimpose someone’s face on to an imposter in real time.
“AI voice cloning, now almost indistinguishable from human speech, allows threat actors to extract information and funds from victims more effectively,” warns Wasim Khaled, CEO of AI-driven risk and intelligence platform Blackbird.AI.
“With a small audio sample, an AI voice clone can be used to leave voicemails and texts—even mimicking the speech patterns of loved ones.”
Real-world impact
In January 2024, an employee at a multinational firm was conned out of $25.6 million after joining what appeared to be a video conference with the company’s CFO.
The scammers used AI-generated video and audio to create convincing deepfakes of executives, who then instructed the employee to make the transfers.
3. AI-generated malware and hacking tools
Beyond social engineering, attackers are using AI to write malware, find vulnerabilities, and automate hacking tasks.
Custom AI tools such as “WormGPT” and “FraudGPT” are being sold on underground forums—essentially ChatGPT-like models fine-tuned for cybercrime, with no ethical safeguards.
Real-world impact
In mid-2024, a phishing campaign was discovered carrying a malicious script that appeared to be AI-generated.
The script, once executed, installed data-stealing malware onto the victim’s system.
Security researchers noted this was an “evolutionary step” toward more fully AI-generated malware.
Why your small business might be vulnerable
Small businesses often lack dedicated security teams and enterprise-grade defences, making them particularly susceptible to AI-driven attacks.
Consider these challenges:
- AI scams evade basic training: traditional advice to look for poor grammar or strange requests no longer works when AI-generated scams appear legitimate.
- Resource constraints: keeping up with AI-enabled cyber threats requires resources that many small businesses simply don’t have. Fewer than half of small businesses have cyber insurance, despite the growing risks.
- Trust and reputational damage: if a scammer deepfakes your company’s CEO and tricks customers or partners, your reputation can suffer even though you were the victim.
How to protect your business
While the threat landscape is evolving, you’re not powerless. Here are practical steps you can take to safeguard your business.
1. Implement strong verification procedures
Never rely solely on email, phone calls, or even video conferences to verify sensitive requests.
Establish out-of-band verification protocols (a type of two-factor authentication) for financial transactions and data transfers.
This means using a different communication channel than the one where the request originated.
“The reality is that it is impossible to stop technology and human advancement once it’s already in motion,” notes Ofer Maor, co-founder and chief technology officer at cybersecurity company Mitiga. “The attackers are already building new ways to use this technology for attack and will not be influenced by any calls to slow down.”
2. Educate your team about AI threats
Update your security awareness training to include the latest AI-powered threats. Teach employees to be sceptical of all requests for money or sensitive information, regardless of how legitimate they seem.
Consider implementing code words or phrases that only your actual team members would know, especially for authorising financial transactions.
3. Consider AI-powered defences
Fight fire with fire by exploring AI-based security solutions.
These tools can help detect phishing emails, identify deepfakes, and spot network anomalies faster than human analysts.
It’s going to be necessary to deploy AI in defence to detect AI-generated phishing emails and malware.
This defensive AI—such as machine learning systems that flag content written by chatbots or identify when a voice doesn’t match known patterns—could help level the playing field.
4. Invest in cyber insurance
Given the financial impact of successful attacks, cyber insurance is becoming a necessity rather than a luxury. Look for policies that specifically cover AI-related incidents, including social engineering fraud.
Final thoughts
The integration of AI into both cyberattacks and cyber defence will only deepen in the coming years.
For small businesses, continued education and adaptation are the keys to staying secure.
By understanding how AI is being exploited by criminals and implementing robust countermeasures, your business can build resilience against these evolving threats.
