You have probably heard people talk about AI making businesses more productive. What gets less airtime is the other side of that coin: AI is making cyber criminals more productive too.
This month, Amazon revealed that a single Russian-speaking hacker, working alone, used generative AI tools to breach over 600 Fortinet firewalls across 55 countries in just five weeks. Not a well-funded nation state group. Not a team of elite hackers. One person, armed with AI.
That story should be a wake-up call for every business in the UK, especially small and mid-sized ones that assume they are too small to be targeted.
The attacker exploited known vulnerabilities in FortiGate firewall appliances. What made this campaign different was the scale and speed. By using generative AI to automate reconnaissance, write exploit code, and adapt attack techniques on the fly, one individual achieved what previously would have required a coordinated team working for months.
FortiGate firewalls are widely used by businesses of all sizes across the UK. If your company uses one and it has not been patched recently, you could have been in the firing line.
The key detail here is “known vulnerabilities.” These were not mysterious zero-day exploits. They were security holes that Fortinet had already released patches for. The businesses that got breached simply had not applied them in time.
For years, small businesses have relied on a comforting assumption: “Why would anyone bother with us when there are bigger fish to fry?” That logic made some sense when attacks required manual effort. A hacker spending weeks targeting a single company would naturally aim for a large enterprise with deep pockets.
AI dismantles that logic entirely.
When an attacker can use AI to scan thousands of targets, identify vulnerable systems, and launch customised attacks automatically, the cost of targeting a 20-person construction firm is basically the same as targeting a multinational. You are no longer too small to attack. You are just small enough to be easy.
Recent data paints a stark picture:
These are not theoretical risks. They are documented trends from the past few weeks alone.
If you work in manufacturing, construction, engineering, or entertainment, pay extra attention. These sectors share common traits that make them attractive targets.
Manufacturers increasingly rely on operational technology (OT) and industrial control systems that were never designed with cybersecurity in mind. With ICS vulnerabilities at record levels, attackers have more entry points than ever. A ransomware attack on a production line does not just mean lost data. It means halted operations, missed deadlines, and broken contracts.
Many manufacturing firms in the Midlands still run legacy systems alongside modern IT infrastructure. That gap between old and new is exactly where attackers love to operate.
Construction companies handle valuable data: project plans, financial information, client details, supply chain contracts. They also tend to have distributed workforces across multiple sites, making consistent security harder to maintain.
The industry’s reliance on email for document sharing and approvals makes it particularly vulnerable to AI-enhanced phishing. When an AI can craft a perfect imitation of your project manager’s writing style, that dodgy email becomes much harder to spot.
Entertainment businesses often work with freelancers, contractors, and temporary staff who need quick access to systems and files. That constant turnover of access credentials is a security headache. Add in valuable intellectual property and tight deadlines that pressure people into cutting corners, and you have a recipe for trouble.
Forget the Hollywood version of hacking. Modern AI-assisted attacks are practical and mundane, which is precisely what makes them dangerous.
AI can analyse your company’s website, social media, and public documents to craft emails that reference real projects, use the right terminology, and mimic the tone of colleagues. Traditional “Nigerian prince” phishing relied on volume over quality. AI-powered phishing combines both.
Instead of manually probing your systems, attackers use AI to scan and identify weaknesses across thousands of businesses simultaneously. Your unpatched firewall, outdated WordPress plugin, or misconfigured cloud storage gets flagged and exploited before you even know there is a problem.
When an AI-assisted attack hits a security measure, it can automatically adjust its approach. Blocked by one method? The AI tries another. This cat-and-mouse game happens at machine speed, far faster than any human security team can respond manually.
AI-generated voice clones and video deepfakes are becoming increasingly convincing. There have already been cases of employees transferring large sums after receiving phone calls from someone who sounded exactly like their CEO. As these tools get cheaper and better, expect this attack vector to hit smaller businesses.
The good news is that defending against AI-powered threats does not require an AI-sized budget. Most successful attacks still exploit basic security gaps. Here is what to prioritise.
The Fortinet breach happened because patches were not applied. Make patching a weekly discipline, not a quarterly afterthought. If you do not have someone responsible for this, that is your first problem to solve.
Yes, new tools like Starkiller can bypass some MFA implementations. But MFA still blocks the vast majority of automated attacks. Use app-based authenticators rather than SMS codes, and consider hardware security keys for admin accounts.
Annual security awareness training is not enough when AI is generating new phishing techniques weekly. Run regular simulated phishing tests. Make it easy and blame-free for staff to report suspicious emails. The goal is a culture where questioning unexpected requests is normal, not awkward.
If an attacker gets into one system, can they reach everything else? Network segmentation limits the blast radius of a breach. Keep your operational technology separate from your corporate IT. Put IoT devices on their own network. The principle is simple: do not let one compromised device become a skeleton key.
Follow the 3-2-1 rule: three copies of your data, on two different types of storage, with one copy offsite. More importantly, test your restore process regularly. A backup you have never tested is just a hope, not a plan.
You cannot defend against what you cannot see. Implement logging and monitoring across your network. Even basic tools that alert you to unusual login patterns or unexpected data transfers can catch an attack in its early stages when damage can still be contained.
When (not if) something happens, who does what? Having a documented, rehearsed plan means the difference between a contained incident and a full-blown crisis. Include contact details for your IT provider, your insurance company, and the ICO (you have 72 hours to report certain breaches under UK GDPR).
This is where having the right IT support becomes critical. A reactive IT provider who only shows up when things break is not going to protect you from AI-powered threats. You need a partner who is proactively monitoring, patching, and testing your defences.
At Magnetar IT, we combine IT support with software development expertise, which means we understand both the infrastructure side and the application side of your security posture. When 89% of support issues are resolved within an hour, your team spends less time exposed to workarounds and shadow IT that create security gaps.
Whether you are a manufacturing firm in Birmingham worried about OT security, a construction company in Coventry managing multi-site access, or an engineering business in Leamington with legacy systems to protect, having an IT partner who understands your industry makes a real difference.
AI has not invented new types of cyber attacks. It has made existing attacks faster, cheaper, and more effective. The businesses that will weather this shift are the ones that treat cybersecurity as an ongoing practice rather than a one-off project.
You do not need to outrun the bear. You just need to outrun the business next door that still has not patched its firewall.
If you are not sure where your business stands, get in touch with Magnetar IT (https://magnetarit.co.uk/contact/) for a no-obligation chat about your security posture. We will give you an honest assessment and practical next steps, no jargon, no scare tactics, just straight answers.
Author: Rafael Macedo