When Cybersecurity Fails: What Happens, and What to do

Published On: May 21, 2025 | Categories: Guides & Know Hows

We thought we were covered. Until we got cyber attacked.

This is the nightmare scenario that plays out across boardrooms and Zoom calls more than most executives care to admit.

 

Business leaders often assume that cybersecurity is “sorted”, until the ransomware hits, systems are locked down, and the team is scrambling to figure out what went wrong.

 

In our recent FusionTalk, When Cybersecurity Fails, we sat down with Aaron Jacobs, a frontline responder who has handled numerous cyber-attacks. The insight he shared wasn’t theoretical. It was raw. Real. Unfiltered. And for every business leader watching the talk, it was a wake-up call.

This blog breaks down that session and delivers the critical takeaways every SMB leader should know — especially those who think, “It won’t happen to us.”

What happens when your cybersecurity strategy fails?

In our FusionTalk (When Cybersecurity Fails), Aaron Jacobs shared stories from the frontlines of real cyberattacks: how they unfolded, why companies were caught off guard, and what leaders could have done differently.

 

This blog unpacks the biggest insights from that conversation, from initial blind spots to leadership missteps to hard-won recovery tactics.

False Confidence – Why Most Companies Think They're Covered (Until They're Not)

Aaron shared a real-world story about a company that had all the “right” security tools in place: 24/7 monitoring, strong passwords, and MFA. And yet, they still got breached. Why? Poor cyber hygiene.

 

“Despite the setup, an attacker logged in with valid credentials and exfiltrated sensitive data in under 40 minutes.” – Aaron Jacobs

 

What failed them wasn’t technology—it was trust in systems over vigilance. A still-active account from a former employee and a bypassed MFA setup (forced by the CEO) opened the door.

 

Many businesses assume they’re protected because they have:

  • An antivirus program
  • A backup service
  • An IT team “on call”

But Aaron Jacobs made one thing clear: attackers don’t look for weaknesses in tools. They look for weaknesses in people, processes, and assumptions.

 

“Most breaches I deal with start because someone assumed someone else was watching.” – Aaron Jacobs

 

In reality, many companies:

  • Haven’t tested their incident response plan
  • Don’t have clear ownership in a crisis
  • React too slowly once a breach begins

And it’s this delay, not just the breach itself, that causes damage to spiral.

Inside the Breach – What Actually Happens When Security Fails

Aaron walked through the anatomy of several real-world breaches—one of which involved the theft of usernames, passwords, bank account details, and third-party credentials, all extracted through three Excel documents.

 

“The information was just sitting there—easy to access, easy to steal.” – Aaron Jacobs

 

In another case, a ransomware attack escalated through a TeamViewer vulnerability on an unsegmented network. The attacker moved laterally, undetected, because alerts were ignored and the organisation had no clear detection or response protocols.

 

Aaron took us inside several anonymised cases. The common thread? Chaos. Confusion. Delay.

 

One business waited over 14 hours before escalating to their cybersecurity partner. By then, attackers had already moved laterally, accessed sensitive data, and encrypted critical systems.

 

Another? The breach was caused by a shared password still active after an employee exit. A $0 mistake that cost them six figures.

 

Key patterns Aaron highlighted:

  • The early signs were there. They just weren’t understood.

  • Communication breakdowns caused delays.

  • Leaders assumed containment was happening when it wasn’t.

  • IT teams were stuck in technical silos, not escalation mode.

What Leaders Can (and Must) Do Differently

Aaron highlighted that many breaches start with the assumption: “We’re not big enough to be a target.” But attackers don’t care about size—they care about opportunity.

 

He also recommended that business leaders directly ask their IT departments:

  • What cybersecurity framework are we aligned with?
  • Why that framework?
  • How far along are we in that journey?

 

“If you don’t know the framework you’re working under, you’re flying blind.” – Aaron Jacobs

 

His advice? Don’t treat frameworks like a checkbox. Embed them. Mature ones like NIST CSF or SMB 1001 offer structure, visibility, and accountability. Cybersecurity isn’t just an IT issue. It’s an executive accountability issue.

 

Aaron outlined several simple but powerful shifts business leaders can make to reduce exposure:

  • Establish clear crisis ownership – Who leads when the breach hits? That clarity needs to be defined before something goes wrong.
  • Run a table-top incident simulation – Don’t wait for a real breach to find out your response plan is broken. Practice it.
  • Review your access controls and account hygiene – This means removing access for ex-employees, using MFA, and reviewing privileged access.
  • Align with a security-first provider (not just a helpdesk) – You need a partner that responds to live threats, not just resets passwords.
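The account hygiene review can be run as a repeatable check rather than a one-off clean-up. The script below is an added example, not something from the FusionTalk or from FusionRed: it cross-references an HR roster with an account export and flags enabled accounts whose owner has left, accounts without MFA, and privileged accounts that have gone idle. The CSV column names, the sample rows and the 90-day threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR roster and an identity-provider account export.
HR_ROSTER = """employee_id,status,exit_date
E100,active,
E101,terminated,2025-03-14
E102,active,
"""

ACCOUNTS = """username,employee_id,enabled,mfa_enabled,privileged,last_login
alice,E100,true,true,false,2025-05-19
bob,E101,true,true,false,2025-05-18
ceo,E102,true,false,true,2025-05-20
svc-backup,,true,false,true,2024-11-02
"""


def audit_accounts(hr_csv, accounts_csv, today, stale_days=90):
    """Return (username, finding) pairs for every enabled account that needs review."""
    roster = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"] != "true":
            continue  # disabled accounts cannot be logged into
        user = acct["username"]
        owner = roster.get(acct["employee_id"])
        if owner is None:
            # Shared or service accounts nobody owns are never offboarded.
            findings.append((user, "no owner in HR roster"))
        elif owner["status"] != "active":
            findings.append((user, f"owner left on {owner['exit_date']}"))
        if acct["mfa_enabled"] != "true":
            # Includes exemptions granted to executives.
            findings.append((user, "MFA not enforced"))
        idle = (today - date.fromisoformat(acct["last_login"])).days
        if acct["privileged"] == "true" and idle > stale_days:
            findings.append((user, f"privileged, idle {idle} days"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(HR_ROSTER, ACCOUNTS, date(2025, 5, 21)):
        print(f"{user}: {finding}")
```

Run on a schedule against real exports, each finding becomes a ticket with a named owner instead of an assumption that someone else is watching.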

Make it Easier with Our FREE Downloadable Guide

Incident response plans don’t need to be complicated, but they do need to exist. Whether it’s knowing how to isolate a system or who to contact, having a plan can reduce the chaos and stop the spread.

 

Aaron also touched on:

  • The importance of network segmentation to limit attacker movement

  • The rise of token theft attacks that bypass MFA (yes, even that isn’t bulletproof)

  • The need for monitoring session token usage to detect unusual behavior
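Session token monitoring comes down to comparing where a session is being used with where it passed MFA. The detection sketch below is an added example, not code from the talk or from FusionRed; the JSON field names and the sample events are constructed for illustration. It records the IP address and user agent seen at MFA login and raises an alert when the same session later appears from a different context.

```python
import json

# Constructed sample sign-in and request events (field names are assumptions).
LOG = """\
{"ts": "2025-05-20T09:00:02Z", "user": "dana", "session": "s-71f", "event": "mfa_login", "ip": "203.0.113.10", "ua": "Edge/124 Windows"}
{"ts": "2025-05-20T09:05:40Z", "user": "dana", "session": "s-71f", "event": "request", "ip": "203.0.113.10", "ua": "Edge/124 Windows"}
{"ts": "2025-05-20T09:30:11Z", "user": "dana", "session": "s-71f", "event": "request", "ip": "203.0.113.77", "ua": "Edge/124 Windows"}
{"ts": "2025-05-20T09:41:55Z", "user": "dana", "session": "s-71f", "event": "request", "ip": "198.51.100.23", "ua": "python-requests/2.31"}
{"ts": "2025-05-20T10:02:00Z", "user": "eli", "session": "s-9ab", "event": "mfa_login", "ip": "192.0.2.5", "ua": "Chrome/125 macOS"}
{"ts": "2025-05-20T10:03:12Z", "user": "eli", "session": "s-9ab", "event": "request", "ip": "192.0.2.5", "ua": "Chrome/125 macOS"}
"""


def detect_token_reuse(log_text):
    """Flag sessions used from a client context other than the one that passed MFA."""
    origin = {}  # session id -> (ip, ua) recorded at MFA login
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        sid, ctx = ev["session"], (ev["ip"], ev["ua"])
        if ev["event"] == "mfa_login":
            origin[sid] = ctx
            continue
        if sid not in origin:
            alerts.append({"ts": ev["ts"], "user": ev["user"], "session": sid,
                           "changed": [], "severity": "high",
                           "reason": "session used without a recorded MFA login"})
            continue
        changed = [f for f, old, new in zip(("ip", "ua"), origin[sid], ctx) if old != new]
        if changed:
            # An IP change alone happens on roaming or VPN; IP and user agent
            # changing together is a stronger signal of a replayed token.
            alerts.append({"ts": ev["ts"], "user": ev["user"], "session": sid,
                           "changed": changed,
                           "severity": "high" if len(changed) == 2 else "low",
                           "reason": "context differs from MFA login"})
    return alerts


if __name__ == "__main__":
    for alert in detect_token_reuse(LOG):
        print(alert)
```

A high-severity alert is the cue to revoke the session and force re-authentication, since resetting the password alone leaves a stolen token valid until it expires.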

All of these points have been distilled into our Complete Incident Response Checklist—your go-to guide for the critical hours following a breach.

You don’t rise to the occasion during a breach. You fall to the level of your preparation.

 

That’s why we created the Complete Incident Response Checklist. It’s the exact playbook you need immediately after a cyberattack to contain damage, reduce downtime, and protect your business.

 

Download your free guide below!

FAQs

Question: What’s one small mistake that leads to massive breaches?

Answer: Often, it’s something simple—like failing to remove access for a former employee or reusing passwords across systems. These oversights open the door to attackers.

 

Question: How can leaders start building a proper incident response plan?

Answer: Start with clarity: define roles, establish escalation paths, and run a table-top exercise. It’s not about perfection—it’s about preparation.

 

Question: Is MFA enough to protect against account takeover?

Answer: Not always. Aaron explained that attackers now steal session tokens, which bypass MFA. You also need monitoring and behavioral analytics.

 

Question: What’s one question every executive should ask their IT team today?

Answer: “What framework are we aligned with, and why?” If they don’t have a clear answer, your risk exposure may be bigger than you think.

 

Question: What’s the biggest mistake companies make after a breach?

Answer: Trying to cover it up or delay response. It leads to more damage, more fines, and a longer road to recovery.

Final Thoughts: Stop Assuming, Start Protecting

If your cybersecurity strategy is built on assumptions, it’s built on risk. The businesses that recover fastest from breaches aren’t always the biggest or most resourced. They’re the ones that prepared smart, assigned ownership, and responded fast.

Want to know where your blind spots are before attackers find them?

Book a free consultation with FusionRed. We’ll walk through your current cybersecurity posture, uncover hidden risks, and help you build a plan that works under pressure.
