In the world of cybersecurity, many people see Artificial Intelligence (AI) as a double-edged sword of risk and opportunity. A Capterra survey of 4,000 IT professionals found that 36% see AI-enhanced attacks as a top threat for their company over the next year.*
However, Amanda Johnstone[1], an AI technologist and TIME Next Gen Leader, tells us AI can be just as powerful when used for defense instead of offense.
Johnstone says AI-powered features are increasingly common in IT management and security software, noting “what was once a Fortune 2000 privilege is now accessible to all.”
The hard part now is choosing strategies and specific products that will maximize your company’s protections against rapidly evolving cyberthreats—especially if you run a lean team with limited security expertise. We’ve combined Johnstone’s recommendations with our takeaways from new Capterra surveys of IT pros worldwide to help you bolster your security.
1. Review your resources: What’s your current defense for AI-enhanced threats?
“AI advancements—including deepfakes and voice cloning—are sophisticated enough to fool even experienced IT professionals,” notes Johnstone.
Many companies are already adapting to meet this challenge, with a Capterra survey finding that 60% of IT and security professionals have developed specific measures to defend against AI-generated deepfake attacks at their companies.**
“I am surprised that not everyone is defending against AI-generated deepfake attacks,” says Johnstone. “100% of companies should develop measures to defend against this; it should be something that we're all thinking about straight off the bat. Compliance and risk mitigation are paramount for businesses that store financial and health information, or data about people who are underage, like schools, for example. And when we consider industries like real estate, banking, education, health, defense, retail, and telecommunications, they're all really vulnerable to cyber attacks.”
For many small and midsize businesses (SMBs), limited resources and outdated security practices increase their vulnerability—especially given the variety of ways cybercriminals are applying AI.
Your first step to increased protection is to audit what you’re currently doing and using. If your business relies on a basic IT management system without additional protective measures, you may need more than that to fend off these threats. Johnstone advises that businesses should not assume default features in IT management software cover them.
“To fix cybersecurity vulnerabilities, remove the shame [of being unprepared or fooled] and ensure people have not only financial resources but also the right tools and decisions at their disposal,” says Johnstone.
She emphasizes these critical strategies to strengthen your security posture:
Don't make assumptions: Companies must not rely on default features in IT management systems to cover them. Policies, training, and tools that haven't been updated in years leave a gap. “Every business must be prepared for cyber attack one day… It's not a matter of ‘if’ but ‘when’,” Johnstone advises.
Review your policies regularly: Johnstone emphasizes, "Companies must regularly reassess IT vulnerabilities. Removing shame and ensuring people have not only financial resources but also the right tools and decisions are crucial." Regular updates to IT policies and tools are essential to staying ahead of evolving threats.
Engage a cybersecurity professional or consultant: For businesses struggling to keep up with evolving threats, Johnstone recommends hiring external help. “Compliance guidelines vary by data type and industry, but every organization should hire an expert—whether a consultant or a CISO—when addressing or investing in cybersecurity,” Johnstone advises. Engaging a professional ensures your business’s unique risks are thoroughly assessed and tailored solutions are implemented to close any security gaps.
By following these guidelines, small businesses can transform their IT management systems into a more comprehensive line of defense, minimizing risks and staying ahead of potential threats.
Dashboard from IT management platform
If you are using a basic IT management tool, consider upgrading to a more advanced plan. While entry-level options provide core features like alerts and asset management, premium plans can offer stronger security features. Check our IT Management Software Buyers Guide for more details.
2. Fight AI with AI: Can you upgrade your software with more advanced capabilities?
“AI’s role in cybersecurity is evolving from reactive to proactive, identifying potential threats and even predicting attacks before they happen,” says Johnstone.
If you’ve determined your current tools and processes aren’t enough to deal with new cyber threats, look for software vendors that incorporate AI to detect and respond to threats in real time. Advanced network monitoring systems with AI can identify unusual patterns, while generative AI can quickly pinpoint the root cause of network issues. According to Gartner’s Predicts 2024: AI & Cybersecurity—Turning Disruption Into an Opportunity[2], AI-enhanced tools provide continuous threat exposure management (CTEM), which not only helps businesses stay ahead of threats but also reduces the response burden by validating potential risks through simulations and predictive analytics.
When vetting a platform, here are some questions to ask vendors:
How does your product use AI to enhance security?
Can your software detect and adapt to new threats autonomously?
Are there predictive features in the solution that help anticipate attacks before they happen?
AI-driven cybersecurity solutions can help teams adapt to quickly evolving threats by analyzing vast amounts of data across the network in real time. These systems can automatically adjust security protocols based on threat intelligence, identify patterns of potential attacks, and anticipate vulnerabilities before they are exploited. This dynamic risk management includes features like automated threat prioritization, which evaluates the severity and business impact of each risk, and attack path mapping, which analyzes possible routes attackers could take through a network. AI’s ability to continuously learn and refine these assessments helps security professionals prioritize high-risk exposures and respond immediately, minimizing potential damage.[2]
As Johnstone notes, AI’s ability to learn continuously, all day and night, improves the accuracy of threat detection, an essential feature for businesses that need round-the-clock security without employing a 24/7 team.
Patch Management Software embeds AI to unlock organizational efficiency and automation across the digital ecosystem.
Look for network monitoring software with real-time alerts, security features, and detailed reporting to optimize system performance. For more buying tips, see our Network Monitoring Software Buyers Guide.
3. Hire help if needed: Where can an agency partner make the biggest impact on your security?
“When reassessing IT operations, engage a professional to guide you. Develop a risk matrix that involves the entire senior leadership team, understand your client base, and reverse engineer from there. When vetting an agency, avoid consultants who can't simplify their explanations. They should be able to explain things clearly—like to a 10-year-old—and guide leaders at all levels without judgment,” Johnstone says.
The complexity of modern threats often requires specialized knowledge from an external expert. One of the most powerful services these agencies can provide is a vulnerability assessment to identify weak points. According to Gartner's 2024 Strategic Roadmap for Managing Threat Exposure[3], vulnerability management should evolve into a continuous threat exposure management practice, focusing on broader organizational risk rather than just individual technical vulnerabilities.
If you don’t have the resources internally to take these kinds of steps, seek a managed security provider or consultant to help guide your cybersecurity strategy. Many can even arrange simulation exercises like the one shown below.
Ethical hacker Rachel Tobac exposes vulnerabilities in billionaire Jeffrey Katzenberg’s cybersecurity.[4]
Engaging a managed security service provider (MSSP) can give SMBs access to 24/7 monitoring, incident response, and specialized expertise without building a large in-house team. MSSPs offer services like breach and attack simulations and use predictive AI tools to identify and mitigate risks before they become major incidents or hacks.
AI from threat to ally: Final steps to secure your business
AI is transforming the landscape of cybersecurity, both for attackers and defenders. For small businesses, understanding how to turn AI into an ally can mean the difference between becoming a victim and staying protected.
"Cyberattacks are a certainty, not a possibility. Founders and executives must prepare now, as the likelihood of facing a breach is nearly 100%," says Johnstone.
Johnstone’s insights remind us that while the threats are real, the tools to combat them are within reach. By reviewing your current defenses, upgrading your software with advanced AI capabilities, and bringing in expert help when needed, your business can turn AI into a powerful asset.
Here’s how you can take action:
Reassess Your Defenses: Regularly review IT policies and systems to stay updated against evolving threats.
Leverage AI: Upgrade your tools to include AI-enhanced capabilities to predict and respond to threats.
Consider Expert Help: When in doubt, hire a consultant or MSSP to guide your strategy and fill in the gaps.
With the right setup, AI can be one of your strongest allies in the fight against cybercrime.
For more resources on this topic, check out Capterra’s Cybersecurity Checklist-Incident Response Plan.