Small businesses are facing a new wave of cyberattacks, and the playing field has shifted dramatically.
Hackers are no longer simply lone operators relying on technical skill. Now, they鈥檙e armed with powerful AI systems that automate, scale and sharpen their attacks at unprecedented speed. And, according to cybersecurity experts, small firms are now among the most vulnerable targets.
The scale of the problem is fairly clear.
According to Security Today, 82.6% of phishing emails analysed between September 2024 and February 2025 showed signs of AI use. Meanwhile, CrowdStrike reports that 76% of organisations admit they can鈥檛 keep pace with AI-powered attacks. For small businesses lacking dedicated IT teams or enterprise-grade defences, the risks are even greater – it’s simply too difficult too keep up at pace.
鈥淪mall businesses are prime targets because they typically lack the security infrastructure of larger corporations, yet they handle valuable customer data and financial information,鈥 explains Pete Cannata, COO of Atlantic.Net, a leading global managed hosting and cloud services provider. 鈥淗ackers know this, and they’re using AI to exploit these gaps at scale.鈥
More from Artificial Intelligence
- Taiwan’s TSMC Profits Set To Surpass 50% Thanks To AI Chip Demand
- Google And Intel Deepen AI Chip Ties, Indicating That AI Isn’t Just About GPUs Anymore
- The ICO Just Weighed In On AI Agents And Data Protection, Here Is What UK Startups Need To Know
- Sam Altman鈥檚 Robot Tax Plans: What Does It Actually Mean And Who Would It Affect?
- In The AI Age, Do You Still Need To Spend Money On Expensive Phone Cameras?
- Meet Muse Spark, Meta’s AI That Knows You Better Than You Know Yourself
- Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritised Action
- How Is AI Being Used In Dentistry?
The Five AI Threats Every Small Business Should Know
Cannata outlines five major AI-driven threats that are now hitting smaller organisations the hardest and what can be done to stop them.
1. AI-Generated, Highly Personalised Phishing
Phishing has evolved far beyond the days of cartoonish scams and obvious typos. AI now analyses public data, employee profiles and even previous breaches to generate convincing emails targeted at specific people inside a business.
鈥淭he AI can scrape LinkedIn profiles, company websites and previous data breaches to personalise each message,鈥 says Cannata. 鈥淎n HR manager might receive what looks like a legitimate invoice from a known vendor, complete with accurate project details.鈥
To defend against this, Cannata advises implementing DMARC, SPF and DKIM; creating a strong verification culture; deploying AI-powered email filters; and running regular phishing simulations.
2. Deepfake and AI-Powered Impersonation
Deepfakes are moving from what was once a novelty to what is now a threat.
According to KeepNet Labs, more than 10% of companies have already faced deepfake fraud, while SC Media reports that 62% experienced AI-driven attacks in the past year.
鈥淲e’re seeing cases where attackers clone an executive’s voice from publicly available conference talks,鈥 Cannata warns. 鈥淭hey then use that clone to make phone calls requesting immediate action.鈥
Verification protocols for financial requests, multi-person approval and training staff to spot social engineering remain essential.
3. AI-Enhanced Password Cracking
Using huge datasets of leaked credentials, AI tools can now generate shockingly accurate password variants and bypass many common passwords within weeks. According to Tech Advisors, AI tools can break 81% of common passwords within a month.
鈥淚f your password is 鈥楽ummer2024!鈥 you might think you’re being clever,鈥 Cannata says. 鈥淏ut AI tools know that people capitalise the first letter, use seasonal words, add the current year and finish with an exclamation point.鈥
Multi-factor authentication, password managers and dark web monitoring are now baseline requirements rather than optional extras.
4. Shape-Shifting, AI-Generated Malware
Traditional antivirus software can鈥檛 keep up with AI that generates new malware variants on the fly. These polymorphic threats constantly change their 鈥渁ppearance鈥 while maintaining the same malicious function.
鈥淭he malware evolves faster than traditional defences can adapt,鈥 Cannata explains. 鈥淏y the time security databases update to recognise one variant, the AI has already created ten new ones.鈥
Behaviour-based endpoint protection and offline backups are critical tools in preventing these attacks from spreading.
5. Automated Reconnaissance and Attack-Chain Planning
AI doesn鈥檛 just attack – first, it scouts. It scrapes organisational charts, identifies relationships and maps vulnerabilities. VikingCloud research shows 40% of cybersecurity leaders believe recent attacks were driven by AI.
鈥淭he AI builds a complete profile of your business before the attack even begins,鈥 Cannata says. 鈥淚t knows your vendors, your employees, your technology stack, and your weak points.鈥
Limiting public information, conducting regular security audits and adopting zero-trust architecture can significantly reduce risk.
Why Small Businesses Must Act Now
For Cannata, the message is urgent but not hopeless.
鈥淭he reality is that most organisations can’t match the speed of AI-powered attacks. For small businesses, this means being strategic with what you have. Employee training is your first line of defence. Most successful breaches happen because someone clicked a link or approved a request they shouldn’t have.鈥
He adds that accessible security tools – from MFA to AI-powered email filters – can meaningfully reduce exposure: 鈥淲hat matters is taking action now, not after you’ve been hit.鈥
