AI is reshaping cybersecurity on both sides of the equation. While defenders can use it to improve analysis and operational efficiency, attackers are using it to move faster, scale more easily, and exploit trust with greater precision.<\/p>\n
This shift is forcing organizations, particularly small and mid-sized businesses, to rethink what effective security actually looks like. As AI-driven cyberthreats increase pressure on IT and security teams, resilience is becoming a more practical measure of cybersecurity maturity.<\/p>\n
These insights come from, From Fragile to Resilient: Rethinking Security Operations in the Age of AI<\/a>, which draws on Futurum Group research and practical perspectives from Fernando Montenegro, Vice President and Practice Lead, Cybersecurity and Resilience at The Futurum Group<\/strong>, and Nicole Reineke, Chief AI Officer<\/strong>, who connected the discussion to practical security operations, resilience, and recovery.<\/p>\n Futurum’s research found that 62% of mid-market organizations agree<\/strong> that AI-driven phishing and deepfake scams are on the rise, including 37.9%<\/strong> who strongly agree and 24.1%<\/strong> who agree.<\/p>\n What matters most is how attackers are applying AI, in areas where trust, speed, and scale directly influence success. Phishing and deep-fake scams exploit human judgment as much as technical weakness. As these tactics become more convincing, organizations need stronger ways to validate activity, educate users, and detect suspicious behavior across systems and channels.<\/p>\n AI changes the economics of attacker activity. It lowers the barrier to producing more advanced outcomes, even for those individuals with limited technical knowledge. In cybersecurity, that means adversaries can experiment more easily across different types of attacks, messages, and environments.<\/p>\n Montenegro highlights a key asymmetry. If an organization uses AI poorly and creates an unreliable workflow, it bears the consequences. An attacker who fails simply moves on to another target. For security teams, that imbalance makes reliability and governance just as important as detection speed.<\/p>\n Defenders need governance, reliability, accountability, and continuity. Attackers often only need one workable path. That asymmetry makes it harder for security teams to keep pace, especially when AI enables adversaries to scale their activity more efficiently.<\/p>\n The pressure from AI-driven cyberthreats is landing on teams already managing highly complex environments.<\/p>\n Montenegro notes that technology has expanded in two dimensions: there is more technology everywhere, and there are more types of technology to manage. Security teams may need to support firewalls, SaaS applications, identity systems, endpoint tools, cloud services, and compliance requirements, without deep specialization across all of them.<\/p>\n Futurum’s research notes that many security teams are often composed of capable generalists responsible for infrastructure, compliance, and defense simultaneously. It also points out that it is unrealistic to expect these teams to match the depth of large-scale enterprise security operations centers.<\/p>\n This is where cyber resilience becomes an operational requirement. If teams are already stretched, they need approaches that help them focus on the signals that matter and maintain continuity when disruption occurs.<\/p>\n Security teams are not only dealing with more threats; they are operating in environments that are increasingly difficult to fully understand and govern.<\/p>\n Futurum’s findings highlight risks from internal AI adoption, including new APIs and third-party connections, proprietary data exposure when sensitive data is used in public or semi-public models, and the rise of “shadow AI,” where employees use unmanaged tools outside governance processes. The research states that the attack surface is not just expanding; it is becoming more opaque.<\/p>\n Teams cannot manage risks they cannot see. Montenegro emphasizes the need for coordination across the business, because technology now touches nearly every function. IT and security teams need to work closely with other departments to understand where risk exists and which business processes are most exposed.<\/p>\n Prevention still plays an important role, but it cannot operate in isolation. Montenegro reinforces that prevention and protection remain important, while making it clear that prevention alone is no longer sufficient.<\/p>\n Futurum’s research supports this perspective, advocating for a move from fragmented, alert-driven security toward a unified program that manages risk across the full lifecycle of a threat: minimizing exposure, reducing impact, and maintaining continuity.<\/p>\n Reineke connects this to practical areas including endpoint management, patching, vulnerability detection, containment, recovery, rollback, instant recoverability, and failover.<\/p>\n The goal is not to abandon prevention. It is to connect prevention with detection, containment, recovery, and continuous improvement.<\/p>\n This shift is also reflected in the evolution of modern cyber resiliency platforms which are bringing together endpoint visibility, threat detection, and recovery into a more unified approach. Solutions such as N‑central<\/a> for endpoint visibility and management, alongside AI-driven threats are shifting the conversation from tools to outcomes, helping organizations assess where visibility gaps exist, which risks are most urgent, and whether their current approach addresses detection, response, and recovery alongside prevention.<\/p>\n AI is increasing both the speed and complexity of the threat landscape. Clients may not always think in terms of attack surface management or blast radius, but they understand downtime, reputational risk, and operational disruption. By framing cybersecurity around resilience, security and IT leaders can position it as a business continuity priority rather than simply a technical issue.<\/p>\n AI-driven cyberthreats are exposing the limits of security models built around manual investigation, fragmented visibility, and reactive response. Prevention still matters, but organizations also need the ability to understand risk, respond quickly, and recover confidently.<\/p>\n That is why the cybersecurity conversation is shifting from reaction to resilience.<\/p>\n","protected":false},"excerpt":{"rendered":" AI is reshaping cybersecurity on both sides of the equation. While defenders can use it to improve analysis and operational efficiency, attackers are using it to move faster, scale more…<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-85311","post","type-post","status-publish","format-standard","hentry","topic-cyber-resilience","topic-security"],"acf":[],"yoast_head":"\nKey takeaways<\/h2>\n
\n
How AI shifts attacker capability<\/h2>\n
Security teams are already stretched<\/h2>\n
The attack surface is becoming more opaque<\/h2>\n
Why prevention alone is no longer enough<\/h2>\n
\nCove Data Protection<\/a> for secure backup and rapid recovery, are designed to support this more integrated model. Rather than relying on fragmented tools, organizations are increasingly adopting platforms that reduce complexity while strengthening their ability to respond and recover with confidence.<\/p>\nWhat this means for organizations<\/h2>\n
Final thought<\/h2>\n