Small businesses face the same types of cyber threats as their larger counterparts, and some industry specialists say the rise of GenAI could be propelling security risks.

“AI is everywhere you look – unfortunately, that goes for AI cyber threats, too,” says a report by  Viking Cloud, a Michigan-based cybersecurity and compliance company. 

Here’s the latest on top cyber threats against businesses and a few tips on how to protect your company,  employees, customers and data from falling prey to them.

Impact of AI — The Good and Bad

While industry specialists tout AI technology as useful when it comes to strengthening a company’s cybersecurity, they also caution businesses about its ability to give power to cyber criminals.

“AI has had a significant impact on cybersecurity, providing advanced threat detection, real-time monitoring, and automation. However, it has also introduced new risks and challenges,” says IT consultant Greg Phillips.

“Users and businesses are more vulnerable to various attacks, including phishing, deep fake content, and data breaches,” writes Phillips, founder of MyTechCoach, an IT service provider focused on supporting small businesses.

The Viking Cloud study reported that 97 percent of the companies polled said they had GenAI security issues and breaches.

Intentional Cybersecurity

Small businesses need to be deliberate about cybersecurity — it can’t just be a “side project,” says Natasha Bryan, CEO & co-founder of AlphaRidge, an IT services and cybersecurity firm based in New York. 

Get specific and intentional about your company’s efforts, she advises. The first move toward cyber resilience isn’t buying a new tool, Bryan says. “It’s getting smarter about prioritization,” Bryan writes in a Forbes Technology Council post.

Further, she reminds business owners that a successful plan should include everyone.  
“Even if you're a five-person team, cybersecurity responsibilities need to be intentionally distributed.”

Threats to Supply Chains

As more business owners take heed of cyber threats, they’re reviewing potential risks from potential vendors, suppliers and service firms before doing business with them. That close eye can have an effect on supply chains.

By the end of the year, according to the Viking Cloud post, up to 60 percent of companies on supply chains will be using the risk of cybersecurity as a buying consideration when partnering with others.

Further, the risks increase for small businesses because they often lack visibility into the security of their suppliers, industry specialists say. 

Bryan cites this type of supply chain compromise — attacks targeting vendors to reach your business — as a top emerging cyber risk, and advises small businesses to get a third-party risk assessment.

Social Engineering

Social engineering attacks, which are often powered by AI and deepfakes, are reportedly among the most prolific cyber risks this year. 

Up to 98 percent of cyberattacks – against businesses and otherwise – involve social engineering, reports Viking Cloud research.

Small businesses must prioritize their defenses against the rising threats like AI-powered social engineering, Bryan says.

 “Deepfake voice calls impersonating executives require enhanced verification procedures,” she writes in the Forbes post.

Costs of Attacks

Of the more than 5,000 small and medium-sized business owners surveyed by Mastercard, 46 percent experienced a cyberattack on their current business, according to a March post on the credit card company’s website.

Further, nearly one in five that suffered an attack then filed for bankruptcy or closed their business, says the article by Mastercard executives Johan Gerber and Jane Prokop.

“The impact of these attacks — most commonly hacking, malware and phishing, according to the survey — puts a financial strain on businesses,” they write.

“Productivity suffers. Reputational damage lingers: Following an attack, 80 percent said they had to spend time rebuilding trust with clients and partners.”

A survey by insurance provider Hiscox found that only 7 percent of small businesses that experienced a cyberattack and paid a ransom to regain access to their systems or data actually got them back, writes The Playbook senior reporter Andy Medici for The Business Journals.

About 10 percent of the small businesses saw their data leaked online instead, according to the April article.

“In general, cyberattacks and cybercrime [are] increasing,” Mike Maletsky, head of technology and cyber at Hiscox USA, told Medici. “Now with AI, these emails look indistinguishable from the real things,” he adds.

Physical Security

Protecting your systems from physical threats is as important as guarding against digital ones, warns a May post by the National Cybersecurity Alliance.

“A stolen laptop, an unlocked office, or a tampered USB stick can create a doorway into your systems,” the organization says. “In many cases, physical access can overcome software protections because attackers aren't trying to access your systems through the web but in person.” 

Cybersecurity is about software but also about protecting access to your hardware. To lessen these types of risks, the group suggests businesses require workers to shut down or lock devices when not in use, require long, complex and unique passwords, and block USB devices and other removable devices by default.

October is Cybersecurity Awareness Month, launched in 2004 by the National Cybersecurity Alliance & the U.S. Department of Homeland Security.