The State of Cybersecurity in 2026: What We’re Seeing and What You Can Do


What’s happening across the U.S. right now, and what your business needs to do about it.
From the desk of Aleks Pavlinik, Chief Information Security Officer - April 2026
I’ll be direct. The past twelve months have been the worst stretch for U.S. business cybersecurity I’ve seen in my career. Attacks are faster. They're more coordinated. And they are increasingly aimed at companies your size, not just the Fortune 500.
This is not meant to scare you. It’s meant to inform you. What follows is a clear look at what’s happening, who’s behind it, and the practical steps you can take right now to reduce your risk.
What We’re Seeing Right Now
These are not hypothetical threats. This is what has already hit U.S. businesses over the past several months.
Ransomware Is Up 12% and Getting More Aggressive
Ransomware groups are no longer satisfied with encrypting files and sending a demand. Unfortunately, they are calling employees directly and harassing customers. They are threatening to publish client data if companies don’t respond quickly.
Two active groups are behind many of the recent attacks on small and mid‑sized private businesses across the U.S.:
- LockBit, which relaunched in early 2025 with an updated toolset
- Scattered Spider, known for impersonating IT help desk staff to steal credentials
These attacks are designed to create urgency and panic. The goal is to pressure companies into paying before there’s time to slow down and think clearly.
Supply Chain Attacks: Your Vendors Are the Weak Link
In late 2024 and into 2025, Conduent Business Services, a payroll and HR provider for thousands of organizations, suffered a major breach. More than 4.3 million individuals were affected, including customers of Blue Cross Blue Shield of Montana.
Many of Conduent’s clients had strong internal security. It didn’t matter. The vendor became the entry point.
In November 2025, attackers exploited Salesforce Gainsight integrations and walked away with data from more than 200 companies in a single incident. Earlier this year, a ransomware attack tied to SonicWall’s cloud backup infrastructure exposed the personal data of over 780,000 people across multiple healthcare organizations, including Social Security numbers and financial account details.
Vendor risk is no longer theoretical. If a vendor has access to your systems, their security posture directly affects yours.
AI Is Making Phishing Attacks Much Harder to Spot
An estimated 16% of reported cyber incidents in 2025 involved attackers using AI‑generated social engineering. That number is rising quickly.
We’re seeing deepfake audio that convincingly impersonates executives to authorize fraudulent wire transfers. We’re seeing phishing emails written in flawless English, using the tone and vocabulary of real colleagues.
The old advice to “check for spelling and grammar mistakes” no longer applies. Many of the traditional warning signs of phishing are disappearing.
Nation‑State Groups Are Active, and Patient
Federal regulators at the Office of the Comptroller of the Currency had their email systems accessed by attackers for more than a year before the activity was detected. That breach wasn’t contained until early 2025.
Earlier this year, an Iran‑linked group disrupted operations at Stryker, a major medical device manufacturer. These aren't quick smash‑and‑grab attacks. Nation‑state actors sit quietly inside networks, sometimes for months, learning systems and access paths before taking action.
Why Small Businesses Are in the Crosshairs
There’s a persistent belief that attackers only care about large enterprises. The data shows the opposite. Small and mid‑sized businesses are often targeted because their defenses are thinner. Many are also vendors or partners to larger organizations, which makes them valuable stepping stones.
When the INC ransomware gang hit OnSolve’s emergency alert system in November 2025, alerts were disrupted across multiple U.S. states. The attack began with access to a vendor network.
When the CL0P group exploited a flaw in Oracle’s E‑Business Suite last year, ransom demands went out to more than 100 organizations. Universities, corporations, and healthcare providers were affected. Many didn’t even know they were exposed until the extortion emails arrived.
What You Can Do, Starting This Week
None of the steps below require a large budget. Most take about an hour to initiate. These are the same controls that have helped keep our clients off the breach notification lists mentioned above.
1. Turn On Multi‑Factor Authentication Everywhere
Multi‑factor authentication stops the majority of credential‑based attacks. Email, VPNs, accounting platforms, cloud storage, and internal portals should all require a second factor. Use an authenticator app like Microsoft Authenticator, Google Authenticator, or Duo. Avoid SMS when possible, since text messages can be intercepted.
This one change dramatically reduces the impact of phishing, even if an employee accidentally gives up their password.
2. Run a 15‑Minute Vendor Audit
Make a list of every outside company that has access to your systems. That includes IT providers, payroll processors, accounting platforms, CRMs, and HR tools.
For each one, ask:
- Do they use MFA when accessing our systems?
- When was their last security assessment?
- What happens to our data if they are breached?
StoredTech enforces strong MFA controls when accessing client systems. Not every vendor does.
You don’t need to replace vendors immediately. You do need visibility. If a vendor can’t answer basic security questions, that’s information you should have.
3. Test Your Backups Today
Modern ransomware groups go after backups first. They try to delete or corrupt them before encrypting production systems.
Your backups should follow the 3‑2‑1 rule:
- Three copies of your data
- On two different types of media
- With one stored offsite or in an air‑gapped cloud environment
Just as important, when was the last time you restored from a backup? A backup that hasn’t been tested is one you can’t rely on. Schedule a test restore this week. It usually takes a couple of hours and gives you clarity very quickly.
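A restore test is only meaningful if it checks the restored content against what was backed up, not just that the job finished. The following is an added example, not StoredTech's backup procedure or the page's own code: it backs up a directory of constructed sample files, restores the archive somewhere else, and compares every file's SHA-256 against the manifest recorded at backup time. A damaged archive (simulated by truncating the backup) is reported as a failed test rather than a crash, which is the behaviour you want from something that runs on a schedule.

```python
"""Backup restore test. Added illustration, not StoredTech's procedure:
back up a directory, restore it elsewhere, verify every file by hash."""
from __future__ import annotations

import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path


def hash_tree(root: Path) -> dict[str, str]:
    """Map each file (path relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def create_backup(source: Path, archive: Path) -> dict[str, str]:
    """Write a tar.gz of `source` and return the manifest taken at backup time."""
    with tarfile.open(archive, "w:gz") as tar:
        for child in sorted(source.iterdir()):
            tar.add(str(child), arcname=child.name)
    return hash_tree(source)


def restore_and_verify(archive: Path, manifest: dict[str, str], restore_dir: Path) -> dict:
    """Restore into restore_dir and diff the result against the manifest.
    An unreadable archive is returned as a failed test, never raised."""
    restore_dir.mkdir(parents=True, exist_ok=True)
    # The "data" extraction filter (Python 3.12+, backported to older patch
    # releases) refuses archive entries that would escape restore_dir.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    try:
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(restore_dir, **extract_kwargs)
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        return {"ok": False, "error": f"archive unreadable: {exc}",
                "missing": sorted(manifest), "corrupted": []}
    restored = hash_tree(restore_dir)
    missing = sorted(p for p in manifest if p not in restored)
    corrupted = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    return {"ok": not missing and not corrupted, "error": None,
            "missing": missing, "corrupted": corrupted}


def run_restore_test(corrupt_archive: bool = False) -> dict:
    """End-to-end run on constructed sample files in a temporary directory.
    corrupt_archive=True truncates the backup to show a failure being caught."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source = root / "source"
        (source / "finance").mkdir(parents=True)
        # Constructed sample data, not real records.
        (source / "finance" / "payroll.csv").write_text("employee,amount\nalice,5000\n")
        (source / "notes.txt").write_text("quarterly review notes\n")
        archive = root / "backup.tar.gz"
        manifest = create_backup(source, archive)
        if corrupt_archive:
            data = archive.read_bytes()
            archive.write_bytes(data[: len(data) // 2])
        return restore_and_verify(archive, manifest, root / "restore")


if __name__ == "__main__":
    print("good archive:", run_restore_test())
    print("damaged archive:", run_restore_test(corrupt_archive=True))
```

In practice the manifest is stored with the backup (or in a separate system the backup job cannot overwrite), and the restore target is a machine other than the one being protected, so the test also proves the offsite copy from the 3‑2‑1 rule is actually usable.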
4. Update Your Phishing Training
Given how realistic phishing messages have become, training people to spot bad grammar misses the point.
The new standard is simpler. Treat any unexpected message involving money, credentials, or access with suspicion, no matter how professional it looks or who it appears to come from.
Put a verbal verification process in place for wire transfers or financial changes requested by email, even when the email appears to come from an executive. One short phone call to confirm a wire transfer takes about 90 seconds. That call has saved many organizations from losses they would not have been able to recover.
5. Patch Your Systems
Unpatched software remains one of the most common entry points for attackers. The Oracle breach that affected more than 100 organizations this year, including Harvard University and The Washington Post, started with a known vulnerability. A patch was available. Organizations that applied it in time were unaffected. Those that didn’t faced seven‑figure ransom demands months later.
Enable automatic updates wherever possible. For systems that can’t be updated automatically, assign clear responsibility for weekly patch checks and document the process.
StoredTech applies patches based on the schedule defined during onboarding. As business needs change, it’s worth revisiting that policy to make sure it still matches your risk profile.
6. Review User Access and Remove What’s Not Needed
Many breaches spread because a compromised account had far more access than necessary.
Audit your user accounts. Disable accounts for former employees and contractors. Eliminate shared logins. For current staff, confirm whether admin privileges are actually required.
When attackers land in a limited account, the damage tends to be contained. When they land in an admin account, it rarely is.
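The four checks above (former staff still enabled, shared logins, unnecessary admin rights, accounts nobody uses) can be run over an export from your directory in a few lines. The block below is an added example, not StoredTech's tooling or the page's own code; the column names and the sample rows are constructed assumptions, so map them to whatever your identity system actually exports (and the `employment_status` column is assumed to come from HR, since the directory alone does not know who has left).

```python
"""Access review over an exported user list. Added illustration, not
StoredTech's tooling: column names and sample rows are constructed."""
from __future__ import annotations

import csv
import io
from collections import Counter
from datetime import date, timedelta

# Constructed sample export (not real users). `employment_status` is assumed
# to come from HR; `admin_justification` is the recorded reason for admin rights.
SAMPLE_EXPORT = """\
username,display_name,enabled,is_admin,employment_status,last_login,admin_justification
alice,Alice Nguyen,true,true,active,2026-04-10,domain administrator
bob,Bob Ortiz,true,false,terminated,2025-11-02,
frontdesk,Front Desk (shared),true,false,active,2026-04-12,
carol,Carol Singh,true,true,active,2026-04-11,
dave,Dave Kim,true,false,active,2025-12-01,
svc-backup,Backup Service,true,true,service,2026-04-12,runs the nightly backup job
"""

STALE_AFTER = timedelta(days=90)
# Name fragments that usually indicate a login several people share.
SHARED_LOGIN_HINTS = ("shared", "generic", "frontdesk", "reception", "temp")


def _finding(user: str, severity: str, issue: str, action: str) -> dict:
    return {"user": user, "severity": severity, "issue": issue, "action": action}


def audit_users(export_csv: str, today: date) -> list[dict]:
    """One finding per problem, for enabled accounts only (disabled ones are contained)."""
    findings: list[dict] = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        if row["enabled"].strip().lower() != "true":
            continue
        user = row["username"]
        label = f"{user} {row['display_name']}".lower()
        if row["employment_status"] == "terminated":
            findings.append(_finding(user, "high", "former employee still enabled", "disable now"))
        if any(hint in label for hint in SHARED_LOGIN_HINTS):
            findings.append(_finding(user, "high", "looks like a shared login",
                                     "replace with named accounts"))
        if row["is_admin"].strip().lower() == "true" and not row["admin_justification"].strip():
            findings.append(_finding(user, "medium", "admin rights without recorded need",
                                     "confirm or remove admin"))
        idle = today - date.fromisoformat(row["last_login"])
        if idle > STALE_AFTER:
            findings.append(_finding(user, "low", f"no login for {idle.days} days",
                                     "disable if no longer needed"))
    return findings


def severity_counts(findings: list[dict]) -> dict[str, int]:
    """Summary for the report: how many high / medium / low findings."""
    return dict(Counter(f["severity"] for f in findings))


def run_audit(today: date = date(2026, 4, 13)) -> list[dict]:
    """Run the review over the constructed export and print a prioritised list."""
    order = ("high", "medium", "low")
    findings = sorted(audit_users(SAMPLE_EXPORT, today),
                      key=lambda f: order.index(f["severity"]))
    for f in findings:
        print(f"[{f['severity']:6}] {f['user']:<11} {f['issue']} -> {f['action']}")
    return findings


if __name__ == "__main__":
    print(severity_counts(run_audit()))
```

Service accounts with a recorded justification pass, which is deliberate: the goal is a documented reason for every privileged account, not zero admins.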
Not Sure Where to Start?
Ask us for a Security Baseline Review.
We’ll assess your exposure across six key areas: MFA, vendor access, backups, patching, user accounts, and phishing readiness. You’ll get a clear, plain‑language report with a prioritized action list.
No confusing language. No upsell pitch. Just a realistic view of where you stand.
A Final Word
Every organization mentioned above had antivirus software and MFA in place.
Tools alone don’t prevent incidents. The organizations that recover best are the ones that treat security as an ongoing conversation, not a one‑time checkbox. We share these advisories because we’d rather you hear this from us now than read about it later in a breach notification letter with your company’s name on it.
If this raises questions about your current setup, a suspicious email you received, or anything else, reach out. That’s why we’re here.
- Aleks Pavlinik, Chief Information Security Officer at StoredTech


