TL;DR: Automated scanning, ransomware-as-a-service, and supply chain abuse have erased the old assumption that small and medium-sized businesses are too small to target, according to Senserva. The real security shift is from obscurity and perimeter thinking to assume-breach operations that can withstand industrialised attacks.
NHIMG editorial — based on content published by Senserva: Every organisation is a target, and security through obscurity is over
Questions worth separating out
Q: How should small organisations respond to automated cyberattacks?
A: They should stop treating size as a security control and instead reduce exposure, harden identity paths, and monitor continuously.
Q: Why do small businesses get targeted even when attackers can go after larger firms?
A: Because automation makes volume more profitable than precision.
Q: What do security teams get wrong about security through obscurity?
A: They confuse being less visible with being less exposed.
Practitioner guidance
- Inventory exposed identity and access paths Identify every externally reachable system, remote access path, and third-party integration, then confirm which credentials or tokens can touch them.
- Build assume-breach response into access design Make monitoring, alerting, and isolation part of the access model so that privileged sessions, admin accounts, and recovery channels can be contained quickly when compromise occurs.
- Review third-party trust as identity scope Map vendor accounts, API keys, SSO links, and shared administrative paths, then confirm revocation works when a supplier relationship changes.
What's in the full article
Senserva's full article covers the operational detail this post intentionally leaves for the source:
- A practical breakdown of how Drift Manager searches for configuration drift across deployed security products.
- Details on how user-defined rules can be applied across specific tenants for ongoing validation.
- Examples of ticketing-system integration that automate remediation tracking from discovery to closure.
- The mechanics of automatic ticket closure after remediation validation, useful for operational teams.
👉 Read Senserva's analysis of why every organisation is now a cyber target →
Every organisation is a target now. Are your controls keeping up?
Explore further
Every organisation is a target because cybercrime is now industrialised, not bespoke. The article is right to reject the comforting idea that smaller businesses are below an attacker’s radar. Automated scanning and ransomware-as-a-service mean that exposure, not enterprise size, determines whether an organisation gets hit. For identity and security teams, that means governance must assume continuous hostile discovery rather than selective targeting.
A few things that frame the scale:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: Who is accountable when a supplier connection is abused in an attack?
A: Both parties are accountable for their own control scope. The supplier must govern the access it holds, and the customer must review what trust it has delegated. If offboarding, revocation, and monitoring are not explicit, the identity relationship itself becomes part of the attack path.
👉 Read our full editorial: Every organisation is a target: why small business security broke