When Cybersecurity Fails: What Happens, and What to do

When Cybersecurity Fails: What Happens, and What to do

Published On: May 21, 2025 | Categories: Guides & Know Hows

We thought we were covered. Until we got cyber attacked

This is the nightmare scenario that plays out across boardrooms and Zoom calls more than most executives care to admit.

Business leaders often assume that cybersecurity is “sorted”, until the ransomware hits, systems are locked down, and the team is scrambling to figure out what went wrong.

In our recent FusionTalk, When Cybersecurity Fails, we sat down with Aaron Jacobs, a cyber war frontline who responded to numerous cyber-attacks. The insight he shared wasn’t theoretical. It was raw. Real. Unfiltered. And for every business leader watching the talk, it was a wake-up call.

This blog breaks down that session and delivers the critical takeaways every SMB leader should know — especially those who think, “It won’t happen to us.”

What happens when your cybersecurity strategy fails?

In our FusionTalk (When Cybersecurity Fails), Aaron Jacobs shared stories from the frontlines of real cyberattacks: how they unfolded, why companies were caught off guard, and what leaders could have done differently.

 

This blog unpacks the biggest insights from that conversation, from initial blind spots to leadership missteps to hard-won recovery tactics.

False Confidence – Why Most Companies Think They're Covered (Until They're Not)

Aaron shared a real-world story about a company that had all the “right” security tools in place: 24/7 monitoring, strong passwords, and MFA. And yet, they still got breached. Why? Poor cyber hygiene.

 

“Despite the setup, an attacker logged in with valid credentials and exfiltrated sensitive data in under 40 minutes.” – Aaron Jacobs

 

What failed them wasn’t technology—it was trust in systems over vigilance. A still-active account from a former employee and a bypassed MFA setup (forced by the CEO) opened the door.

 

Many businesses assume they’re protected because they have:

  • An antivirus program
  • A backup service
  • An IT team “on call”

But Aaron Jacobs made one thing clear: attackers don’t look for weaknesses in tools. They look for weaknesses in people, processes, and assumptions.

 

“Most breaches I deal with start because someone assumed someone else was watching.” – Aaron Jacobs

 

In reality, many companies:

  • Haven’t tested their incident response plan
  • Don’t have clear ownership in a crisis
  • React too slowly once a breach begins

And it’s this delay, not just the breach itself, that causes damage to spiral.

Inside the Breach – What Actually Happens When Security Fails

Aaron walked through the anatomy of several real-world breaches—one of which involved the theft of usernames, passwords, bank account details, and third-party credentials, all extracted through three Excel documents.

 

“The information was just sitting there—easy to access, easy to steal.” – Aaron Jacobs

 

In another case, a ransomware attack escalated through a TeamViewer vulnerability on an unsegmented network. The attacker moved laterally, undetected, because alerts were ignored and the organisation had no clear detection or response protocols.

 

Aaron took us inside several anonymised cases. The common thread? Chaos. Confusion. Delay.

 

One business waited over 14 hours before escalating to their cybersecurity partner, by then, attackers had already moved laterally, accessed sensitive data, and encrypted critical systems.

 

Another? The breach was caused by a shared password still active after an employee exit. A $0 mistake that cost them six figures.

 

Key patterns Aaron highlighted:

  • The early signs were there. They just weren’t understood.

  • Communication breakdowns caused delays.

  • Leaders assumed containment was happening when it wasn’t.

  • IT teams were stuck in technical silos, not escalation mode.

What Leaders Can (and Must) Do Differently

Aaron highlighted that many breaches start with the assumption: “We’re not big enough to be a target.” But attackers don’t care about size—they care about opportunity.

He also recommended that business leaders directly ask their IT departments:

  • What cybersecurity framework are we aligned with?
  • Why that framework?
  • How far along are we in that journey?

“If you don’t know the framework you’re working under, you’re flying blind.” – Aaron Jacobs

His advice? Don’t treat frameworks like a checkbox. Embed them. Mature ones like NIST CSF or SMB 1001 offer structure, visibility, and accountability. Cybersecurity isn’t just an IT issue. It’s an executive accountability issue.

Aaron outlined several simple but powerful shifts business leaders can make to reduce exposure:

  • Establish clear crisis ownership – Who leads when the breach hits? That clarity needs to be defined before something goes wrong.
  • Run a table-top incident simulation – Don’t wait for a real breach to find out your response plan is broken. Practice it.
  • Review your access controls and account hygiene – This means removing access for ex-employees, using MFA, and reviewing privileged access.
  • Align with a security-first provider (not just a helpdesk) – You need a partner that responds to live threats, not just resets passwords.

Make it Easier with Our FREE Downloadable Guide

Incident response plans don’t need to be complicated, but they do need to exist. Whether it’s knowing how to isolate a system or who to contact, having a plan can reduce the chaos and stop the spread.

Aaron also touched on:

  • The importance of network segmentation to limit attacker movement

  • The rise of token theft attacks that bypass MFA (yes, even that isn’t bulletproof)

  • The need for monitoring session token usage to detect unusual behavior

All of these points have been distilled into our Complete Incident Response Checklist—your go-to guide for the critical hours following a breach.

 

You don’t rise to the occasion during a breach. You fall to the level of your preparation.

 

That’s why we created the Complete Incident Response Checklist. It’s the exact playbook you need immediately after a cyberattack to contain damage, reduce downtime, and protect your business.

 

Download your free guide below!

Complete Incident Response Checklist
Download The Free Guide

FAQs

Question: What’s one small mistake that leads to massive breaches?

Answer: Often, it’s something simple—like failing to remove access for a former employee or reusing passwords across systems. These oversights open the door to attackers.

 

Question: How can leaders start building a proper incident response plan

Answer: Start with clarity: define roles, establish escalation paths, and run a table-top exercise. It’s not about perfection—it’s about preparation.

 

Question: Is MFA enough to protect against account takeover?

Answer: Not always. Aaron explained that attackers now steal session tokens, which bypass MFA. You also need monitoring and behavioral analytics.

 

Question: What’s one question every executive should ask their IT team today?

Answer: “What framework are we aligned with, and why?” If they don’t have a clear answer, your risk exposure may be bigger than you think.

 

Question: What’s the biggest mistake companies make after a breach?

Answer: Trying to cover it up or delay response. It leads to more damage, more fines, and a longer road to recovery.

Final Thoughts: Stop Assuming, Starty Protecting

If your cybersecurity strategy is built on assumptions, it’s built on risk. The businesses that recover fastest from breaches aren’t always the biggest or most resourced. They’re the ones that prepared smart, assigned ownership, and responded fast.

Want to know where your blind spots are before attackers find them?

Book a free consultation with FusionRed. We’ll walk through your current cybersecurity posture, uncover hidden risks, and help you build a plan that works under pressure.

Book Free Consultation
Facebook Linkedin Youtube

Related Articles

How to Protect Your Credentials from the DARK WEB

You Might Be Exposed, Without You Even Knowing It. Imagine this: you’re going about your day, logging into your email, checking work files, maybe even making a quick online purchase. Meanwhile, on the Dark Web, cybercriminals are buying and selling login credentials—maybe even yours. Stolen credentials are one of the most valuable commodities for hackers, […]

Published On: September 24th, 2024 | Categories: March 7, 2025 | Categories: Guides & Know Hows

The Hidden Risks in Cyber Insurance: Are You Really Covered?

Will Your IT Insurance Keep Your Business “Safe”? Cyberattacks are no longer a distant threat—they’re an everyday reality for businesses of all sizes. And while many SMBs turn to cyber insurance for protection, the harsh reality is that not all policies cover what you think they do. Too often, businesses only discover critical gaps in […]

Published On: September 24th, 2024 | Categories: April 25, 2025 | Categories: Guides & Know Hows

How to Modernise Your Business

https://www.youtube.com/watch?v=jRl6Xisifuc “If my team already has Microsoft 365, why do our operations still feel stuck in the past?” That’s the question many business leaders ask themselves. They see their competitors moving faster, collaborating better, and handling change without panic—meanwhile, their own teams are stuck chasing approvals in endless email chains, or digging through old versions […]

Published On: September 24th, 2024 | Categories: August 5, 2025 | Categories: Guides & Know Hows
FusionRed specialise in technology and IT related services such as managed services, backup and security management, voice and internet services, and professional services.
Sydney | Penrith | Parramatta [email protected] 1300 661 143

Privacy Policy ©2025 FusionRed. All Rights Reserved.