Hacker: SMBs Are Increasingly The ‘Jumping-Off Point’ In Cyberattacks

But the misunderstanding by some smaller businesses they won’t become a target is a major issue, says cybersecurity expert Bryan Seely.


With attackers frequently targeting data or credentials that can enable them to breach other, larger companies, businesses of all sizes can end up a target in the current threat environment, hacker and cybersecurity expert Bryan Seely told an audience of MSP executives Monday.

“If you have weaker security, you become a jumping-off point,” Seely said during the opening keynote of XChange Security 2023, which is hosted by CRN parent The Channel Company and being held this week in Dallas.

[Related: The 10 Biggest Data Breaches of 2023 (So Far)]

Sponsored post

Seely gained notoriety in 2014 after wiretapping the U.S. Secret Service and FBI, and then turning himself in. He was ultimately released, in part because he’d shown no criminal intent, he said during his talk Monday.

His goal, Seely said, has been to demonstrate that even a single hacker can uncover serious security flaws and use them against major targets without anyone noticing.

But even SMBs need to start looking at things from a hacker’s point of view, Seely said — because hackers are frequently going after them, too.

The constant question by companies is, “am I being attacked?” he said. “Yeah — we’re all sort of being attacked all the time.”

For Southwest Networks Inc., an MSP that caters to businesses with fewer than 100 endpoints, a big part of the job today is debunking myths about the risks to clients posed by cyberattacks.

“‘It’ll never happen to me. My data is not important’ — I hear that all the time,” said Matt Disher, president and CEO of the Palm Desert, Calif.-based MSP.

Disher told CRN that his approach with clients has been to recognize that the human side of cybersecurity is paramount.

“You can get all the cool gadgets and tools, but if the employee clicks an email, it’s kind of game over at that point,” he said.

Likewise, in order to combat the misunderstandings among some small businesses about cyber threats, it’s critical to make the effort to reach people in ways that will resonate, according to Disher. Along with a monthly newsletter to clients, he also puts together a monthly video on security-related issues and meets with clients on a quarterly or biannual basis to keep them up-to-date on cybersecurity and the threat landscape.

And for plenty of the MSP’s clients, the phrase “it’ll never happen to me” is no longer part of the vocabulary.

“There’s others that get it and they want the education, they want to be protected,” Disher said. “They want to know what’s going on, because they do understand the risk and appreciate it.”