Tech Multiplier
Tech Multiplier is the podcast for smart business leaders who want to turn technology into a competitive advantage. Each episode explores how to use tech as a force multiplier—to accelerate growth, streamline operations, and protect what you’re building.
Join us as we break down the latest tools, trends, and strategies that help you lead with confidence and scale with intention. Whether you're looking to level up your tech stack or avoid common digital pitfalls, Tech Multiplier gives you actionable insights to multiply what matters—your impact, profits, and success.
Subscribe now and start turning tech into your growth engine. For resources and more, visit mytek.net.
Defending Your Business from AI-Powered Cyberattacks
Cyberattacks aren’t just targeting Fortune 500 companies anymore. In this episode, we break down how AI-powered cyber threats are rapidly evolving — and why Arizona SMBs are increasingly in the crosshairs. From the massive Stryker device wipe attack to the ransomware breach at Scottsdale-based SimonMed Imaging, today’s attackers are using AI to automate phishing, clone voices, exploit Microsoft environments, and scale attacks faster than ever before.
We’ll walk through five practical ways businesses can strengthen their defenses in 2026, including:
- Locking down Microsoft 365 identity and access management
- Moving from reactive break/fix IT to proactive threat monitoring
- Training employees to recognize AI-generated phishing and voice scams
- Stress-testing disaster recovery plans before disaster strikes
- Using enterprise-grade cybersecurity tools like EDR and conditional access
Whether you’re a business owner, operations leader, or IT decision-maker, this episode will help you understand the real risks facing SMBs today — and the steps you can take now to reduce downtime, prevent breaches, and protect your business from modern cyber threats.
Learn more about MyTek, an Arizona-based Managed IT Services and IT Security firm: https://mytek.net/
So uh in March of this year, a $25 billion medical technology giant named Stryker was just knocked completely offline. I mean, in a matter of hours.
SPEAKER_01: Yeah, it was incredibly fast. Right.
SPEAKER_00: And we are talking about a Fortune 500 company here with roughly uh 56,000 employees. And according to the source material we're looking at for today's deep dive, this Iran-linked hacker group named Handala managed to wipe over 200,000 of Stryker's devices.
SPEAKER_01: 200,000.
SPEAKER_00: 200,000 laptops, servers, tablets, just bricked, gone. And I think the most terrifying part of this entire event, which the guide really focuses on, is that the hackers didn't even break through some incredibly sophisticated firewall.
SPEAKER_01: No, they didn't.
SPEAKER_00: They just logged in.
SPEAKER_01: Yeah, they literally just logged in. It's a staggering scale of disruption. And you know, it perfectly illustrates the reality of the threat landscape we're all operating in right now.
SPEAKER_00: Right.
SPEAKER_01: When you examine state-backed operations or uh highly organized hacker groups in 2026, and the guide is very neutral and objective about presenting these groups, just laying out the facts of who they are, the mechanics of how they operate have fundamentally shifted.
SPEAKER_00: So what's our mission for today then?
SPEAKER_01: Well, what we're doing in this deep dive is breaking down exactly how modern attackers operate. And more importantly, we're extracting five concrete actionable strategies from this new 2026 cybersecurity guide to help you, the listener, defend your own business.
SPEAKER_00: Because the core takeaway from this material, which I love, is that you do not need a Fortune 500 budget to stay safe.
SPEAKER_01: Exactly.
SPEAKER_00: But I mean I'm still stuck on that 200,000 number. That's just wild.
SPEAKER_01: Massive.
SPEAKER_00: But I'm thinking if I'm a listener running like a logistics company or a local accounting firm with maybe 30 people, I might hear about a medical giant like Stryker and think, well, I don't have 56,000 employees.
SPEAKER_01: Right. Why would they care about me?
SPEAKER_00: Exactly. Why would international hackers care about my small business?
SPEAKER_01: And historically.
SPEAKER_00: They wouldn't have.
SPEAKER_01: Yeah. I mean, if you were a highly sophisticated threat actor five or ten years ago, you spent your time and your resources hunting big game. You targeted the Strykers of the world because the payout was worth the uh the manual effort required to breach their bespoke security systems.
SPEAKER_00: That makes sense. The ROI was there.
SPEAKER_01: Right. But artificial intelligence has completely rewritten that economic model.
SPEAKER_00: Okay, wait. How does AI actually change the economics of hacking?
SPEAKER_01: Through automation. Entirely automation. These well-funded groups are now using AI to automate their reconnaissance. So instead of a human hacker manually probing one company's network for weeks.
SPEAKER_00: Which takes forever.
SPEAKER_01: Exactly. Now, an AI-powered bot can scan the entire internet for exposed vulnerabilities in literally minutes. Wow. And the source highlights a very chilling reality here. If a massive global company is vulnerable because of a configuration flaw in, say, standard enterprise software, then a 20-person firm in Phoenix running on that exact same Microsoft architecture is just as vulnerable. Yes. They are just as vulnerable. The attackers are no longer handpicking targets. Their automated tools are basically just walking down the digital street, jiggling every single door handle to see what's unlocked.
SPEAKER_00: Oh, that's such a good way to put it. It feels like we're finally realizing that hiding in the middle of the herd doesn't work anymore.
SPEAKER_01: Not at all.
SPEAKER_00: Not when the predator has an AI-powered drone. You just can't rely on anonymity anymore.
SPEAKER_01: No, anonymity is dead.
SPEAKER_00: And the guide points out that this is hitting incredibly close to home. It highlights a January 2025 attack on a Scottsdale-based company, uh SimonMed Imaging.
SPEAKER_01: Yeah, that was a bad one.
SPEAKER_00: Where ransomware exposed the private data of over 1.2 million patients.
SPEAKER_01: And the statistics surrounding this whole shift are incredibly sobering. Like if you look at the Verizon 2025 report, it shows that small and medium-sized businesses experienced roughly 400% more data breaches than large organizations in 2024.
SPEAKER_00: 400%. That is insane.
SPEAKER_01: It is. And to put a dollar figure on that devastation, the FBI's 2025 Internet Crime Report puts total U.S. cybercrime losses at $21 billion.
SPEAKER_00: Billion with a B.
SPEAKER_01: Driven largely by ransomware and phishing.
SPEAKER_00: Okay, so if the AI drones are constantly scanning everyone, how are they actually getting inside? I want to go back to what you said about the Stryker attack. Because you said they didn't break in, they just logged in.
SPEAKER_01: Right.
SPEAKER_00: What does that actually mean mechanically?
SPEAKER_01: So they gained access to Microsoft Intune credentials.
SPEAKER_00: Wait, Microsoft Intune?
SPEAKER_01: Yep.
SPEAKER_00: But I thought that was just the standard software an IT department uses to like push updates to my laptop or set up a new employee's phone. How does a hacker weaponize that?
SPEAKER_01: Well, you just nailed exactly why it's so dangerous. Intune is a cloud-based endpoint management system. It's basically the central nervous system a company uses to manage all its corporate devices.
SPEAKER_00: Okay.
SPEAKER_01: It has the absolute power to install software, change settings, and crucially wipe devices remotely in case a laptop is lost or stolen.
SPEAKER_00: Oh, I see where this is going. Yeah.
SPEAKER_01: So once the attackers stole an administrator's login credentials for Intune, they didn't need to write malicious code. They simply used the company's own device management system against them by issuing a mass remote wipe command.
SPEAKER_00: Wow. So the call was literally coming from inside the house.
SPEAKER_01: Exactly. And that brings us to the first major defensive strategy outlined in the guide, which is locking down identity and access management, or IAM.
SPEAKER_00: IAM. Got it.
SPEAKER_01: This is your absolute first line of defense. Because attackers are automating the discovery of credentials, you have to ensure that a single stolen password isn't enough to sink the entire company.
SPEAKER_00: Right. And the guide is very specific about this. It says you have to enforce multi-factor authentication or MFA on every single account that touches the admin console. Every single one, not just the IT lead, but literally anyone with elevated privileges. But it also mentions something called the principle of least privilege. Right. I mean, I understand the concept of giving people less access generally, but how does that actually work in practice without driving everyone crazy?
SPEAKER_01: Well, the guide points out a very common flaw in most businesses. For the sake of convenience, they just hand out global admin access freely.
SPEAKER_00: Yeah, I can hear small business owners groaning right now.
SPEAKER_01: Oh, absolutely.
SPEAKER_00: Because putting gates everywhere and restricting admin rights just slows the team down. Like if my marketing manager needs to install a new design tool, I don't want them waiting three hours for an IT ticket to clear.
SPEAKER_01: It's the classic friction between operational speed and security. But you have to weigh that minor convenience against the catastrophic liability of an attacker getting the keys to your entire network. Fair point. And technology actually offers a compromise here, using something like Azure Active Directory to set up time-based admin rights.
SPEAKER_00: Okay, I'm trying to picture this. How does time-based access solve the bottleneck for that marketing manager?
SPEAKER_01: Think of conditional access policies. Your marketing manager doesn't have permanent admin access.
SPEAKER_00: Okay.
SPEAKER_01: Instead, when they need to install that software, they request elevation. The system grants them administrator rights for, say, a two-hour window.
SPEAKER_00: Oh, interesting.
SPEAKER_01: And once that window closes, the access automatically revokes itself. It drastically reduces your exposure time.
SPEAKER_00: Oh, I like that. It's kind of like a high-security building. Instead of giving an employee a master key that opens every door in the building forever, their ID badge has to be swiped at every single door. And the system decides in real time if they are allowed in that specific room on that specific day.
SPEAKER_01: That is a brilliant way to conceptualize it. And the actionable advice for you, the listener, is to review what the guide calls your Microsoft 365 tenant. Which is what, exactly? That's essentially your company's isolated private slice of the Microsoft Cloud environment. Look at the global admin list for your tenant. If you cannot name every person on that list and explain exactly why they have those privileges right now, your business is exposed.
SPEAKER_00: That's a great takeaway. Okay, so we've locked the front door with IAM and time-based privileges. Right. But no lock is perfect. If an attacker manages to swipe a credential or find a workaround, what happens then? Because the source brings up another horrifying detail about that SimonMed Imaging breach.
SPEAKER_01: The dwell time.
SPEAKER_00: Yes. The attackers didn't just smash and grab. They were operating inside SimonMed's network for a full week before the company even detected the intrusion.
SPEAKER_01: A full week. And this is a critical pivot in the guide's strategy. Why did it take a week? It's almost always because a company relies on a reactive IT model. So the next major imperative is migrating from a break/fix model to proactive threat monitoring.
SPEAKER_00: So break/fix meaning like we only call IT when the printer stops working or the server crashes.
SPEAKER_01: Exactly. And the old break/fix model simply cannot survive the modern threat landscape. If your IT strategy is built around fixing problems after they happen, you are by definition playing catch-up.
SPEAKER_00: Right. It's too late.
SPEAKER_01: A break/fix model is not designed to detect quiet intrusions or flag, you know, unusual administrative behavior happening at two in the morning.
SPEAKER_00: So the old break/fix model is essentially like installing a burglar alarm that is designed to only go off after the thief has already driven away with your TV?
SPEAKER_01: That captures the vulnerability perfectly. Waiting for an alert that says your server is down means the attackers have already finished their work. Proactive monitoring flips that script by looking for the early signals that precede an attack.
SPEAKER_00: What do those signals actually look like in the real world, though? Like how does a system catch a hacker who is just quietly looking around?
SPEAKER_01: Well, it relies on tools like EDR, which stands for endpoint detection and response.
SPEAKER_00: EDR.
SPEAKER_01: Yes. And this is a massive upgrade from traditional antivirus software.
SPEAKER_00: Let's dig into that mechanism actually, because I think most people assume antivirus and EDR are the same thing.
SPEAKER_01: Oh, they are fundamentally different. Traditional antivirus operates on a signature basis. It has a database of known bad files, kind of like a digital most-wanted list of mugshots.
SPEAKER_00: Okay, I'm with you.
SPEAKER_01: If a file matches a mugshot, it blocks it. But what if the attacker uses a brand new AI-generated tool? Or what if, like in the Stryker attack, they are just using legitimate admin tools maliciously?
SPEAKER_00: Right, because there is no mugshot for a legitimate admin login.
SPEAKER_01: Exactly. EDR doesn't just look for bad files. It establishes a behavioral baseline for your entire network.
SPEAKER_00: Okay, how does that work?
SPEAKER_01: It learns that Dave from accounting usually logs in from Phoenix, accesses Excel, and works from nine to five. If Dave's account suddenly attempts to execute a complex administrative script at 3 a.m. from an IP address in Eastern Europe.
SPEAKER_00: Oh, the EDR catches that.
SPEAKER_01: Right. EDR flags the behavior as an anomaly and can instantly isolate that machine from the network. You catch the intruder while they are still jiggling the internal door handles.
SPEAKER_00: Okay. That makes total sense for protecting the software and the network.
SPEAKER_01: Yeah.
SPEAKER_00: But what if the attackers don't target the software at all?
SPEAKER_01: What do you mean?
SPEAKER_00: Well, what happens if the AI just tricks my CFO into wiring the money directly? Because no firewall or behavioral baseline stops a fully authorized manual wire transfer.
SPEAKER_01: Uh this is where the guide addresses AI-powered social engineering. And we have to be very, very clear here. This is not the phishing of five years ago.
SPEAKER_00: Yeah, the old phishing emails were almost comical. Right. Riddled with typos, bizarre formatting, those generic greetings like "dear esteemed customer."
SPEAKER_01: Yeah. AI has completely eradicated those technical flaws. Large language models allow attackers to draft emails that feature perfect grammar and a completely professional tone.
SPEAKER_00: Which is scary enough.
SPEAKER_01: But more dangerously, AI automates the gathering of context. An automated system can scrape LinkedIn, public company documents, social media.
SPEAKER_00: Just vacuum up everything.
SPEAKER_01: Exactly, to figure out who reports to whom, what projects your team is working on, and how your executives actually communicate.
SPEAKER_00: And the guide says it goes way beyond text, highlighting the terrifying reality of voice cloning. Yes. This part of the source material is wild. A scammer only needs a simple voicemail greeting or a clip from a public interview to capture enough audio data. They run that through an AI voice cloning tool, and suddenly they can perfectly impersonate your CEO on a phone call.
SPEAKER_01: It is deeply unsettling. And it proves why outdated, once-a-year cybersecurity training is basically useless today.
SPEAKER_00: Yeah, I'd imagine so.
SPEAKER_01: If you tell your employees to just look for bad grammar, you are leaving them defenseless against modern deepfakes. Businesses must run regular, updated simulations that reflect actual AI-generated attacks.
SPEAKER_00: Well, let me ask a highly practical question for the listener, then.
SPEAKER_01: Sure.
SPEAKER_00: If a voice clone sounds exactly like my boss, literally identical down to the cadence and the pauses, and the email I receive has perfect context about the Q3 budget we were just discussing. Right. How am I supposed to spot it? What is the actual trigger that should cause an employee to stop?
SPEAKER_01: The red flag is no longer technical, it's behavioral. AI can fake the voice and the context perfectly, but the attackers still have to achieve their goal, right? So you train your employees to look for the nature of the request. You're looking for three things: urgency, secrecy, and a departure from standard procedure.
SPEAKER_00: Okay. Urgency, secrecy, and departing from procedure.
SPEAKER_01: Does the boss need a wire transfer immediately? Are they telling you not to tell anyone else? Are they asking you to bypass the normal vendor approval process?
SPEAKER_00: So it's about the pressure they're applying.
SPEAKER_01: Exactly. If those elements are present, the employee must follow the golden rule, which frankly needs to be established as company policy right now. Any urgent request involving money, data, or access must be verified through a second channel before taking action.
SPEAKER_00: I see. So if you get an urgent phone call, you hang up and send them a Slack message.
SPEAKER_01: Yes, sir.
SPEAKER_00: If you get an urgent email, you pick up the phone and call the internal number you already have saved for them.
SPEAKER_01: Precisely. You break the chain of communication to verify through a medium the attacker doesn't control.
SPEAKER_00: It's basically the only reliable way to break the illusion.
SPEAKER_01: It really is.
SPEAKER_00: Okay, let's look at the absolute worst-case scenario. Because we've covered a lot of prevention. You enforce IAM and time-based privileges. Right. You have EDR monitoring behavior, you train your staff relentlessly on second-channel verification. Yep. But security is a game of probabilities. Sometimes the worst still happens. Sometimes you end up facing the Stryker scenario, a mass wipe.
SPEAKER_01: Yeah, you have to plan for failure. The guide explicitly outlines the need to rigorously test your disaster recovery plan. And honestly, most businesses treat disaster recovery as just a checkbox item.
SPEAKER_00: Oh, for sure.
SPEAKER_01: They buy a backup solution, they document a plan in a binder, they put the binder on a shelf, and they consider it done.
SPEAKER_00: Which is like packing a parachute but deciding you'll only check if it has holes in it while you're plummeting toward the ground.
SPEAKER_01: That is exactly what it's like. You cannot assume your recovery protocols work until you test them under real conditions. When a crisis hits, that is the worst possible moment to discover your backups have been failing silently for three months.
SPEAKER_00: Oh, that would be a nightmare.
SPEAKER_01: So the guide emphasizes that you need to establish and test two key metrics: a recovery time objective, or RTO, and a recovery point objective, or RPO.
SPEAKER_00: Let's break those metrics down for the listener.
SPEAKER_01: Sure. RTO, recovery time objective, is simply how long your business can survive being offline. Can you afford to be down for an hour, a day, a week? That is your hard time limit for getting systems back up.
SPEAKER_00: And RPO.
SPEAKER_01: RPO, recovery point objective, is how much data you can afford to lose. If your backups only run every 24 hours, you are accepting that you might lose 23 hours and 59 minutes of work if a wipe happens right before the next backup.
SPEAKER_00: Right. And once you set those benchmarks, you actually have to test them.
SPEAKER_01: Yes, you have to test them.
SPEAKER_00: The guide recommends simulating a full system failure at least quarterly. Literally pull the plug and time how long it actually takes to restore operations.
SPEAKER_01: And if that recovery time is higher than your business can survive, you know exactly where you need to invest. The source actually notes that a well-thought-out cloud system is a massive game changer here.
SPEAKER_00: How does cloud failover actually shrink that recovery window though?
SPEAKER_01: Well, in the old days, if a physical server died, you had to order new hardware, install the operating system, and manually copy the data back.
SPEAKER_00: Right, which took days.
SPEAKER_01: At best. Modern cloud setups use virtualization. Your server isn't just a physical box, it's data that can be spun up on backup hardware in a totally different data center. If your primary system fails or gets wiped, an automated system can route your traffic to those backup servers, cutting your recovery window from days down to literally minutes.
SPEAKER_00: Which is the difference between a minor hiccup and a company-ending event.
SPEAKER_01: Exactly.
SPEAKER_00: But you know, I am listening to this and thinking about the sheer complexity of everything we've discussed today. Managing cloud failovers, monitoring EDR baselines 24/7, configuring Azure AD conditional access. I mean, this requires serious expertise.
SPEAKER_01: It does, and the guide addresses this head on. The attacks we are seeing in 2026 are not amateur operations. These are state-backed, AI-enhanced campaigns designed to exploit the exact tools you use every day.
SPEAKER_00: Right.
SPEAKER_01: You cannot fight this by just asking your most tech-savvy employee to install antivirus software. You need enterprise-grade tools, but those features are only effective if you have the expertise to deploy and manage them correctly.
SPEAKER_00: And let's be real, most small and medium-sized businesses simply do not have the budget to hire a dedicated in-house team of cybersecurity analysts to watch logs 24 hours a day.
SPEAKER_01: No, of course not.
SPEAKER_00: So these powerful Microsoft security tools either go entirely unused or they get misconfigured and just provide a false sense of security.
SPEAKER_01: And this is where working with a managed IT provider or MSP fills the critical gap. An MSP gives a smaller business access to the same caliber of round-the-clock monitoring and cybersecurity expertise that protects massive Fortune 500 companies.
SPEAKER_00: But without the staggering overhead of an in-house security operations center.
SPEAKER_01: Exactly. You get the protection without the payroll nightmare.
SPEAKER_00: And the source material actually provides a very specific solution for our listeners in Arizona. It points to a local partner named MyTek.
SPEAKER_01: Right, MyTek.
SPEAKER_00: They are an Arizona-based MSP that specifically helps businesses close the gap between these sophisticated cyberattacks and their own internal security.
SPEAKER_01: And according to the guide, a partner like MyTek deploys these managed solutions to monitor your environment continuously. They upgrade your Microsoft infrastructure to ensure all those advanced behavioral features and conditional access policies are actually turned on and properly configured.
SPEAKER_00: Right. So you're not just hoping the software works out of the box.
SPEAKER_01: Exactly. They essentially act on the threats before they can turn into a breach.
SPEAKER_00: It's kind of like renting a team of elite cybersecurity guards instead of trying to build your own security agency from scratch.
SPEAKER_01: That's a great way to look at it.
SPEAKER_00: The guide also notes that listeners can schedule a cybersecurity assessment with MyTek to see exactly where their business currently stands, which really seems like the necessary first step. You need to know your baseline vulnerability before you can improve it.
SPEAKER_01: Absolutely. You can't fix what you haven't measured.
SPEAKER_00: So let's synthesize what this all means for you, the listener, as you navigate this 2026 landscape. Because we've covered a lot of ground today.
SPEAKER_01: We really have.
SPEAKER_00: The era of relying on anonymity, buying standard antivirus, and only fixing computers when they break is permanently over.
SPEAKER_01: Dead and gone.
SPEAKER_00: Defending your operations today requires a layered, proactive strategy. You lock down your digital doors with identity management and time-based privileges. You install proactive monitoring that learns the behavior of your network to catch intruders early. You train your human workforce to defeat AI deepfakes by verifying urgent, secret requests.
SPEAKER_01: Yes.
SPEAKER_00: And you relentlessly test your disaster recovery protocols so you can survive the worst-case scenario.
SPEAKER_01: And most importantly, you recognize that enterprise-grade defense is entirely accessible to businesses of all sizes if you partner with the right experts.
SPEAKER_00: Exactly.
SPEAKER_01: You don't need a massive budget. You just need a smart, modernized strategy. If I can leave you with one final thought to ponder, it builds directly on what we saw with that initial Stryker breach compared to a 20-person firm.
SPEAKER_00: Okay, what is it?
SPEAKER_01: Well, the source highlights that both face the exact same state-backed AI-powered threats. What this really tells us is that the internet has fundamentally erased digital borders.
SPEAKER_00: Wow. Yeah, there are no safe, quiet neighborhoods online anymore.
SPEAKER_01: Every local business is now a direct neighbor to global superpowers and international cyber syndicates. In an era where artificial intelligence entirely levels the playing field for attackers, giving them infinite reach and automation, what does it actually mean to be a small business on the internet today?
SPEAKER_00: Because out in the digital herd, when the predator has an AI drone scanning every single door, nobody is truly small enough to hide anymore.