October 22, 2025

SMB cybersecurity challenges are complex, from cloud security setup flaws to AI-powered phishing attacks. This blog summarizes the key takeaways from the One Step Beyond Cyber podcast in a clear and accessible format. You’ll see highlights, direct quotes, and practical advice that every business leader can use right away.

This blog captures highlights from Scott Kreisberg’s discussion with Jim Peterson of ConnectWise on today’s top cyber threats and the defenses every business leader should know. The full podcast episode is linked at the end of this introduction for those who prefer to watch.

How Hackers Exploit SMBs That Think They’re Safe

Many small and mid-sized business leaders cling to the idea that their data isn’t valuable. But as Jim Peterson points out, that’s a dangerous misconception:

“I may not have patents or intellectual property… but I could have employee personnel information, sensitive client information, or even pricing that I really don’t want to get out to the rest of the world.”

Cyber adversaries don’t need to pick favorites. They automate attacks, casting wide nets to exploit weak points wherever they find them.

Consider these alarming trends: Microsoft has publicly reported blocking around 7,000 password attacks per second, a nearly twofold increase from previous years.

In fact, Microsoft is now urging over 1 billion Windows users to transition away from passwords altogether, pushing for a passwordless future via “passkeys” that rely on biometric or device-based authentication.

This shift signals that traditional passwords, once the backbone of security, are now viewed as a liability in many environments.

Once attackers breach perimeter defenses, another danger emerges: dwell time.

The average cyber criminal can remain undetected inside a network for 24 days (some remain for 200+ days), using that time to extract data, plant backdoors, or compromise backups before detection.

With password attacks now widespread and major providers phasing out weak defenses, SMBs must strengthen security or face the consequences.

 

Cyber Hygiene: How SMBs Can Block 99% of Attacks

For small and mid-sized businesses, cybersecurity doesn’t always require expensive tools. In fact, the basics of cyber hygiene can stop up to 99% of cyber attacks.

Enabling multifactor authentication (MFA), applying Zero Trust security principles, and keeping systems patched and up to date all reduce common vulnerabilities.

A Microsoft study found that MFA alone lowers the risk of account compromise by 99.2%, making it one of the most effective defenses available to SMBs today.

Adding layers like extended detection and response (XDR), strong antimalware tools, and regularly tested data backups closes even more gaps, leaving attackers with fewer opportunities.

For SMB leaders, these aren’t just best practices; they’re the foundation of a strategy that reduces cyber risk and protects customer trust.

 

Cloud Convenience vs. Cloud Vulnerability

Moving your company’s data to the cloud feels like a fool-proof safety net, but is it? Business leaders often assume that because data lives in platforms like Microsoft 365, Salesforce, or QuickBooks Online, it’s automatically protected against loss or breach. But as the conversation on the One Step Beyond Cyber Podcast revealed, this belief is misleading.

Jim Peterson explained it plainly: “We sign those SaaS agreements… and it solves our problem. But we don’t dig a little deeper to say, how are they protecting our data? What’s the recovery time? How are they using it? There’s lots of questions we don’t ask. And one of those is, what’s my responsibility in this?”

This gap is known as the shared responsibility model. SaaS providers keep their platforms running, but businesses must secure and back up their own data. In fact, Microsoft’s own service agreement states that it is not liable for customer data loss. Without independent, immutable backups, companies are at risk of losing critical files to accidental deletion, insider misuse, or ransomware.

And the risks go beyond lost files:

  • Simple cloud setup mistakes can make private business data visible to outsiders.

  • Insider threats grow with remote work and multi-cloud setups.

  • Insecure APIs and AI-powered phishing or deepfakes make breaches easier.

  • AI workloads face new attacks, such as poisoned models.

  • With half the world’s data now stored in the cloud, attackers are shifting focus to these environments.

The takeaway: Cloud hosting is not the same as cloud security. SMBs need independent backups, MFA, monitoring, and regular audits to stay safe.

 

Three Non-Negotiables: Protect, Detect, Recover

Peterson broke down cybersecurity into three levels:

  1. Keep bad actors out – Defend against external threats.

  2. Keep good data in – Guard against insider threats and data misuse.

  3. Ensure recovery – Confirm backups actually work when needed.

In his words, “If I’m going to defend for a minimal or simple solution, I’m going to say I need to protect the endpoint, I need to protect the user’s access, and I have to be able to recover”.

This level of protection requires three must-have tools:

Endpoint Detection and Response (EDR/MDR)
The days when antivirus software alone could keep your business safe are long gone. That’s where Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) come in.

EDR continuously monitors your devices to detect both known and unknown attacks, while MDR adds 24/7 human expertise to analyze alerts and respond to threats in real time. Together, they represent the next generation of cybersecurity defense, combining intelligent automation with expert oversight to stop attacks before they cause damage.

Multi-Factor Authentication (MFA)
Still one of the most effective defenses against credential theft.

Immutability and Backups
Systems must be air-gapped and tested regularly. Peterson warned, “97% of the time when a breach happens, bad actors also attack the backup systems”.

This aligns with global findings. IBM’s Cost of a Data Breach 2024 Report found that companies with AI-driven detection and tested incident response programs saved an average of $1.49M per breach compared to unprepared peers.

 

Emerging Risks: IoT Devices and AI-Driven Attacks

Beyond the basics, two rapidly growing risks stood out in the conversation.

Internet of Things (IoT)

IoT devices, from smart thermostats to security cameras, are often installed and forgotten. “They become these vulnerabilities that we have to start thinking about because we’re buying so many of them and installing them everywhere”.

Real-world cases highlight the danger. In 2021, attackers breached 150,000 security cameras across hospitals, schools, and prisons, capturing sensitive footage. For SMBs, unprotected smart devices may become hidden entry points that undermine otherwise strong security.

Artificial Intelligence (AI)

Threat actors are leveraging AI to create convincing phishing emails, voice clones, and even deepfake video calls. Peterson noted, “AI helps those bad actors write clear, concise, urgent, compelling copy… they’re good. Really, really good”.

And it’s not hypothetical. Earlier this year, Japanese authorities confirmed that AI-powered deepfakes were used in a scam that defrauded a company of millions.

The same AI wave, however, also benefits defenders. Peterson pointed out that agentic AI can automate repetitive tasks, freeing human IT teams to focus on high-value, complex response actions.

 

Final Thoughts: A Call for Proactive Assessments

The conversation closed with a simple but critical recommendation: routine network assessments. Peterson explained, “Every time I ran one, I found something the business didn’t realize was there… those are the vulnerabilities we want to defend”.

Cybersecurity is not static; your infrastructure changes daily as employees join, devices update, and vendors connect. Regular assessments and security scans help uncover risks before attackers exploit them.

As Kreisberg summarized, “Your infrastructure is a living and breathing thing… every day it’s changing. That’s why network safety scans on a routine basis are essential”.

SMB leaders must use layered security, schedule regular assessments, and stay alert to new threats like IoT and AI. These steps are essential for running a business.

