By all measures the bad guys are winning, dramatically. You may not be aware of just how lopsided the current state of things has become, but while most businesses have done little to nothing in the last 5 years to upgrade their defensive maturity, the bad guys have matured LIKE CRAZY. It’s really difficult to overstate this or use superlatives that are an exaggeration. In fact the bad guys have largely matured to the point that they have become totally invisible to the IT departments who are charged with the company defenses. Malicious actors routinely sneak right past all the anti-virus software and firewall appliances in place and easily breach the environment, stealing data for months or even years right under the security teams’ noses, totally undetected. See our BLOG article on the SolarWinds breach for a mind-blowing example, and we could share many, many others.

The volume and frequency of these breaches have also escalated dramatically, not just the sophistication. Consider this (shortened) list of significant breaches curated from the excellent ID Agent Week In Breach report for the month of September 2023:

Tesla: Malicious insiders stole and leaked 100 GB of data
Clorox: Operations shut down after ransomware attack, resulting in product shortages
Geico Insurance: Caught up in ongoing MOVEit breach, private data stolen
Mom’s Meals: Network breach resulting in private data stolen
University of Minnesota: Data breach of 7 million Social Security numbers
London Metropolitan Police: Personal details of 47,000 personnel stolen
France’s Unemployment Agency: Caught up in ongoing MOVEit breach, private data stolen
Northern Ireland Police: Accidentally posted all personnel details online for 2 hours, lives now at risk
CloudNordic Cloud Host: All customer data lost, including backups, in network breach
Seiko Watches: Network breach resulting in private data stolen
Paramount Global: Network breach resulting in private data stolen
Forever 21: Network breach resulting in private data stolen
U.S. National Safety Council: Data posted openly by accident
Callaway Golf: Network breach resulting in private data stolen
Montreal Electricity Organization: LockBit ransomware attack
University of Sydney, Australia: Supply chain vendor breach
National Center of Incident Readiness and Strategy for Cybersecurity: China nation-state attack
Johnson & Johnson / IBM: Network breach resulting in private data stolen
Sabre Travel Platform: Network breach, 1.3 TB of data stolen
Freecycle Recycling Website: Network breach, 7 million people’s data stolen
MGM Resorts: Operations shut down for weeks and everything stolen with a 10-minute phone call
Caesars Entertainment: Caught up in MGM attack
US/Canada Waters International Joint Commission: Network breach resulting in private data stolen
Canadian Nurses Association: Network breach resulting in private data stolen
UK Greater Manchester Police: Supply chain vendor breach
Airbus: Stolen user credentials
Sony: Bad guys told them their entire organization had been compromised; they didn’t know

This is what an annual list of major breaches used to look like; now this is just a single month. Once again, many entities didn’t know they were breached and had to be told, the likes of Sony, MGM Resorts, Johnson & Johnson, and IBM. The bad guys are now invisible.


What have you done to upgrade your defenses?

Unfortunately, in the face of this dramatic escalation in both the volume and sophistication on the part of the bad guys, many businesses have done nothing or very little to enhance their defenses. In our BLOG article here we covered a recent survey by insurance giant Nationwide which showed that 40% of small business owners expect a cyber-attack to cost less than $1,000, when in reality it will probably cost millions.

According to the IANS 2023 Security Budget Report, businesses have increased cybersecurity spending in 2023 by only 6%, when it should be increasing by 35% or more to remain safe. Making it worse, in many cases other IT operational spending was cut in order to provide the increase in cybersecurity spending.

Meanwhile, year after year the bad guys are perfecting their processes and getting tools that are better and better. When the bad guy asks his boss for a new tool, he gets it; he doesn’t get told to wait for next year’s budget or to generate an ROI request. That is why the bad guys have now matured right past your IT department to the point of invisibility.


How do you spot an invisible adversary in your environment who is quietly stealing all your data?

This will sound simple, but the bad guys are invisible because they are hiding where you’re not looking. This was true of NASA and the Pentagon in the SolarWinds breach in 2021, and it’s still true for Sony this week, who just got told by a ransomware group that their entire global organization was breached. In none of these cases did an alarm go off or an alert notify them that they had a problem. The anti-virus and firewall you have don’t begin to address this problem. They represent no resistance at all to the modern threat actor, regardless of which brand you have.

In order to spot the invisible adversary you have to start looking in all the hiding places, and on a regular, ongoing basis. You should immediately begin doing the following things if you are not already:

  • Get a complete IT security assessment by a third-party expert like Rocky Mountain Cybersecurity. We know where the invisible bad guys are hiding in your network, and because you can’t audit yourself, this should be a third-party service. An expert like Rocky Mountain Cybersecurity knows what to look for, and uses special tools in combination with our expertise to dramatically reduce our clients’ business risk.
  • Perform a complete cloud services assessment and hardening for Microsoft 365, Google Docs, AWS, OneDrive, SharePoint, etc. Microsoft and Google cloud services are horribly insecure by default and must be intentionally hardened for security.
  • Implement 24x7x365 SIEM/SOC and/or Managed Intrusion Detection / Threat Response services. These services look in the nooks and crannies for the bad guys around the clock by monitoring all activity for anything suspicious. While these services used to be too expensive for the typical small business, Rocky Mountain Cybersecurity now has extremely affordable options for every small business owner who wants to be secure.
  • Get an external penetration test / vulnerability scan by a third-party expert like Rocky Mountain Cybersecurity to check public-facing gateways and cloud applications for security problems.

In addition, as always be sure to:

  • Maintain at least 3 immutable and restorable backups of all your data
  • Implement Multi-Factor (MFA, 2FA) authentication on everything
  • Use education and leadership to create a culture of awareness within the organization


Partnering with a cybersecurity expert like Rocky Mountain Cybersecurity

When your adversary has matured so far that they are now invisible, partner with a cybersecurity expert like Rocky Mountain Cybersecurity. We know where the bad guys hide and have the knowledge and expertise to sniff them out. Get in touch with us to talk today!


Contact us today!  – 307-288-0222 – www.rmcybersecurity.com – info@rmcybersecurity.com


Elmer Robinson is an IT warrior and cybersecurity subject matter expert who has fought on the front lines of the cybersecurity wars, providing business continuity for as long as they have existed. A CISSP since 2008 and a certified network engineer since 1993, Elmer has proven success in delivering comprehensive cybersecurity strategies to every type of industry.