This week saw cybercriminals exploit weak passwords in Fortinet firewalls, critical flaws in Cisco SD-WAN, and escalating attacks across common cloud platforms. With 90% of SMBs now reporting compromised users, cybersecurity isn’t a background issue—it’s a primary driver of business risk, revenue, and reputation. CEOs need to focus on practical controls, not just technical upgrades.


Fortinet’s ‘FortiBleed’ Breach: 73,000 Devices Compromised
This week, Fortinet—a widely used provider of firewalls and VPNs—confirmed a substantial breach. Attackers exploited weak or default passwords to gain unauthorized access to over 73,000 Fortinet devices across a diverse set of industries, including IT, construction, and telecom. While no single sector was singled out, the common thread was insufficient password policies and a lack of rigorous device management.
The immediate business consequences: companies using impacted Fortinet devices now face heightened risks of unauthorized access, data loss, and regulatory scrutiny. For SMBs, a firewall breach often translates directly into operational downtime, lost client trust, and potential legal exposure—not just a technical headache.
Experts point out that these attacks are not highly sophisticated in terms of tools, but rather exploit predictable human and process weaknesses. A 2026 survey found that 73% of small businesses use security devices with default or easily guessable credentials. The Fortinet incident illustrates that overlooked basics—like strong, unique passwords and routine audits—are still the most frequent root cause of technology breaches.
The scale and rapid pace of this compromise also challenge a widespread misconception: that only large enterprises are targets for large-scale attacks. SMBs with third-party IT vendors and distributed device deployments are especially vulnerable unless they enforce base-level controls and oversight.


Ransomware in the Cloud, Cisco Vulnerability, and New Threat Stats
Attackers have recently shifted to stealthier tactics, embedding ransomware and other malicious payloads within trusted cloud collaboration platforms. Because these platforms form the backbone of many SMB operations—project management, document sharing, chats—malicious activity is easy to overlook. There are increasing reports of criminals quietly hijacking sessions or encrypting files within platforms like Microsoft 365 or Google Workspace, making traditional anti-malware solutions far less effective and detection more challenging.
For businesses relying on Cisco’s SD-WAN, a newly disclosed critical vulnerability (CVE-2026-20262) enabled remote code execution, potentially granting total network control to an attacker. Patching is now urgent, particularly for organizations with limited IT resources or outsourced network management—two common SMB realities. Delayed patching remains a top entry point for cybercriminals looking to exploit known flaws.
Broadly, new industry data reveals a sobering trend: 90% of SMBs have experienced at least one user account compromise due to AI-driven attacks, session hijacking incidents are up 23% year-over-year, and ransomware attacks have nearly tripled (+190%) relative to last year. Cyber incidents have overtaken inflation and recession as the number one threat cited by SMBs, shifting boardroom discussions decisively toward resilience and risk mitigation.


Patterns: Simple Gaps, Sophisticated Attacks—Why SMBs Stay in the Crosshairs
The recurring thread behind recent breaches is not always advanced hacking, but poor fundamentals: weak credentials, missed patches, and over-trust in third-party platforms. Attackers increasingly rely on automation and AI to quickly find and exploit these recurring gaps, particularly among businesses with limited in-house security resources. This is why the same vulnerabilities are repeatedly leveraged across thousands of small and mid-size businesses.
The second pattern: attackers are moving up the value chain, embedding themselves deeper within the digital tools SMBs rely on most. This reflects a shift away from scattershot phishing and towards tailored attacks that align with core business workflows, increasing the likelihood of operational disruption and ransom demands that directly threaten revenue continuity and reputation.


What Business Leaders Should Consider
- Require immediate auditing and reset of all credentials on security devices and critical platforms—do not assume vendor-managed passwords are sufficient.
- Patch core infrastructure (Cisco, Fortinet, major cloud platforms) within defined timelines—formalize who is responsible and verify completion with independent checks.
- Review cloud collaboration platform logs and access controls; implement advanced monitoring to detect suspicious activity beyond ‘basic’ antivirus alerts.
- Require cybersecurity awareness training for all users, with specialized sessions for remote and hybrid teams that regularly use cloud tools.
- Board-level risk discussions should include quantified cyber risk alongside financial threats—cybersecurity is now a line item comparable to insurance or legal risk.
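
One way to act on the log-review recommendation above, as an added example that is not part of the original article: a small Python check that flags a session seen from more than one IP address and a burst of file changes by the same user. The event fields, user names and thresholds are assumptions made for illustration and do not match the Microsoft 365 or Google Workspace audit schemas.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FILE_ACTIONS = {"file_modified", "file_renamed"}

def _ev(ts, user, session, ip, action):
    # Hypothetical event shape; real platform audit schemas differ.
    return {"ts": f"2026-03-02T{ts}", "user": user, "session": session,
            "ip": ip, "action": action}

# Constructed sample data (documentation-range IPs, invented users).
EVENTS = [
    _ev("09:00:00", "ana", "s1", "198.51.100.7", "login"),
    _ev("09:05:00", "ana", "s1", "198.51.100.7", "file_modified"),
    _ev("09:10:00", "raj", "s2", "203.0.113.20", "login"),
] + [_ev(f"11:30:{10 + i:02d}", "raj", "s2", "192.0.2.99", "file_renamed")
     for i in range(6)]

def sessions_with_multiple_ips(events):
    """Session ids seen from more than one source IP (possible token reuse).
    Noisy on its own: VPNs and mobile networks also change IPs."""
    ips = defaultdict(set)
    for e in events:
        ips[e["session"]].add(e["ip"])
    return sorted(s for s, seen in ips.items() if len(seen) > 1)

def bulk_file_changes(events, threshold=5, window=timedelta(minutes=1)):
    """Users with at least `threshold` file changes inside any `window`."""
    stamps = defaultdict(list)
    for e in events:
        if e["action"] in FILE_ACTIONS:
            stamps[e["user"]].append(datetime.fromisoformat(e["ts"]))
    flagged = []
    for user, times in stamps.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(user)
                break
    return sorted(flagged)

def high_priority_users(events):
    """Users whose session changed IP and who also made bulk file changes."""
    risky = set(sessions_with_multiple_ips(events))
    bulk = set(bulk_file_changes(events))
    return sorted({e["user"] for e in events
                   if e["session"] in risky and e["user"] in bulk})

if __name__ == "__main__":
    print(high_priority_users(EVENTS))
```

Either signal alone produces false positives; requiring both narrows review to the accounts most worth a manual look.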
