One of the most notable cybersecurity developments from the US conflict with Iran is that nation-state actors have increased their targeting of small- to medium-sized businesses (SMBs) and mid-market organizations. This activity has increased because they recognize that smaller organizations often serve as entry points to larger supply chains and critical infrastructure. Apparently, large enterprises and governments are no longer the sole valued targets for these threat actors.

Case in point, on April 7, 2026, the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) issued an email stating in part, “the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), Department of Energy (DOE), and United States Cyber Command – Cyber National Mission Force (CNMF) released a Joint Cybersecurity Advisory urgently warning US organizations of ongoing cyber exploitation of internet-connected operational technology (OT) devices, including Rockwell Automation/Allen-Bradley-manufactured programmable logic controllers (PLCs), across multiple US critical infrastructure sectors.”

Yes, that introductory paragraph contains a huge mouthful of agencies and acronyms. The key point is that PLCs are used in small production lines for assembly, packing, and sorting. They are also frequently used in building automation and HVAC systems, as well as in warehouse inventory-tracking systems. In other words, in many places, someone or some group with bad intentions could wreak havoc by corrupting the operations of multiple small businesses.

In addition, bad bot traffic (software applications that run automated tasks with malicious intent) has surged to 37% of global internet traffic. Hackers don’t pick targets individually any longer; automated bots generate tens of thousands of vulnerability scans per second as they relentlessly probe every possible website for signs of flaws. Basically, hackers don’t need to target a specific small business. They scan everything online and hit whatever they can find that is vulnerable.

I’m bringing this up because there is one element that can help reduce some potential damage. The single highest-return security control, and the one most commonly skipped or ignored by SMBs, is MFA (multifactor authentication), because once credentials are stolen, MFA is the last line of defense. I’ll admit, I have been complacent in implementing this feature for specific applications and clients, but that will soon change.

However, even with that single control in place, SMBs still incur financial losses. Cysurance, a leading cyber insurance provider, reports that 98% of its claims stem from Business Email Compromise (BEC) and funds transfer fraud — not ransomware, not data breaches, not advanced persistent threats. All an attacker must do is send a convincing email. The victim updates payment details, and money moves to an account it should never have reached. In many cases, no system was compromised, no credentials were stolen, and no malware was deployed. An employee was flat-out deceived.

How can a small business owner overcome this? By implementing one rule: Any change to payment information must be verified by voice every single time — without exception. Not by email, not by chat, but by a phone call to a known number. The consequence of a staff member not following this rule is immediate termination. How’s that for a no-cost solution to a grievous problem?

Attackers are relentless. They will often target small businesses because, with the right approach, they can achieve disproportionately higher returns for relatively little effort. Modern ransomware operations are industrialized and supported vigorously by artificial intelligence.

The “we’re not interesting enough” or “we’re too small to be attacked” mindset is just not true. It is operationally dangerous. That “head in the sand” approach justifies underinvestment and delays the implementation of security solutions that can make a difference in the business’s survival.

In a recent research paper, SonicWall wrote that a single breach at an SMB could exceed $4M when downtime and recovery are included. For many small business owners, that amount could be a matter of survival. And the cost of a breach far exceeds the cost of the security measures that could have prevented it.

AI has fundamentally changed the speed and scale of cyberattacks, affecting everyone. CrowdStrike’s recent Global Threat Report 2026 states there was an 89% increase in AI-enabled attacks in 2025 compared with 2024. Campaigns that once took weeks to prepare now take hours. Phishing emails that once required manual crafting are now generated, personalized, and localized at scale. Network reconnaissance that previously consumed attacker resources is largely automated.

So, with this increasing threat level in mind, I plan to strengthen my security base throughout the rest of this year, starting with my own environment to ensure it is thoroughly protected. In addition, I will add to the existing stack I offer you (i.e., SentinelOne, Huntress, and Proofpoint) to thwart this ongoing onslaught against your businesses.

Thanks, and safe computing!