Ciphrai Security

Cybersecurity built for small and medium businesses. We are launching soon.

Email security, network protection, threat intelligence, DLP, domain monitoring and phishing simulation — enterprise-grade, SMB priced.

01/06/2026

43% of cyberattacks target small businesses. 🎯

And the scary part? Most of them don't have a single security tool in place.

They think Gmail or Outlook "handles it." They only find out they were wrong when customer data is stolen, accounts are compromised, or worse — they have to shut down.

60% of small businesses close within 6 months of a cyberattack.

If you run a business, you need more than just an email provider. You need real security.

Something big is coming soon. Follow our page to stay protected. 🛡️

21/05/2026

Most small businesses are missing at least one of these five basics — and not because they are careless. Because no
one ever told them these things matter.
Separate your guest WiFi from your business network. Change your router's default password. Enable device-level
firewalls. Keep all software updated and patched. Use a VPN for any remote work.
These are not advanced security measures. They are fundamentals. And every one of them can be implemented this
week, mostly for free.
Save this post. Go through the list. Fix what is missing.
Follow us for practical security content built for businesses like yours.

20/05/2026

Website security basics — what every business owner needs to know.
If your business has a website — and almost every business does — that website is a potential entry point for
attackers.
This is not fearmongering. Automated bots scan millions of websites every single hour looking for vulnerabilities.
Outdated plugins. Weak admin passwords. Missing security headers. Unpatched software. They find what they are
looking for, log it, and flag it for exploitation.
The good news: most website vulnerabilities are not sophisticated. They are basic. And basic problems have basic
fixes.
Here is what every business website needs as a minimum:
■ HTTPS — encrypts data between your visitors and your site. Non-negotiable.
■ A Web Application Firewall (WAF) — filters malicious requests before they reach your server
■ Regular software updates — outdated plugins and CMS versions are the #1 entry point for website attacks
■ Tested backups — stored off-site, tested regularly. Not just "I think we have backups."
■ Traffic monitoring — alerts you when attack volumes spike or unusual patterns appear
None of these require an in-house IT team. Most can be set up in an afternoon.
This week we are sharing practical network and web security content every day. Follow this page so you do not miss it.
And if you want to know exactly how your website and network measure up — we are launching soon. Follow us to be
the first to know.

20/05/2026

How a small business lost customer data through an unsecured website form.
A professional services firm had a contact form on their website. Standard setup — name, email, message, submit.
Nothing unusual.
What they did not know was that an attacker had injected a script into that form three months earlier. Every submission
— client names, email addresses, phone numbers, enquiry details — was being silently forwarded to an external
server.
The firm found out when a client called to say they had been receiving spam that referenced specific details from an
enquiry they had submitted through the website.
Three months of client data. Leaked. Through a form that processed maybe 20 submissions a week.
This is cross-site scripting (XSS). It is one of the most common website attacks. It is entirely preventable with a Web
Application Firewall and basic input validation.
The firm had neither.
The consequences went beyond the data loss:
→ POPIA breach notification obligation triggered
→ Client trust damaged, two retainers cancelled
→ Emergency security remediation cost
→ Ongoing monitoring and audit requirements
All of this from one unprotected form on a small business website.
This week we are sharing exactly what WAF protection is and how it prevents attacks like this. Follow this page for
daily web security content.
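
An added example, not part of the original post: a periodic check that lists every host a form page loads scripts from or posts data to, and every inline script that has not been reviewed. The allowlist, host names and page are constructed assumptions; a check like this is what surfaces an injected script in days rather than months.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"www.example-firm.test", "cdn.example-firm.test"}  # assumed allowlist

# Constructed page: a contact form plus two scripts nobody approved.
PAGE = """<html><body>
<script src="https://cdn.example-firm.test/site.js"></script>
<form action="/contact" method="post">
  <input name="name"><input name="email"><textarea name="message"></textarea>
</form>
<script src="https://collector.example.net/f.js"></script>
<script>/* constructed placeholder for an unreviewed inline script */</script>
</body></html>"""


class FormPageAudit(HTMLParser):
    """Collects external script/form hosts and SHA-256 hashes of inline scripts."""

    def __init__(self):
        super().__init__()
        self.hosts, self.inline_hashes = [], []
        self._inline, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get("src") if tag == "script" else attrs.get("action") if tag == "form" else None
        if url:
            host = urlparse(url).hostname  # None for same-site relative URLs
            if host:
                self.hosts.append((tag, host))
        elif tag == "script":
            self._inline, self._buf = True, []

    def handle_data(self, data):
        if self._inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline:
            body = "".join(self._buf).strip().encode()
            self.inline_hashes.append(hashlib.sha256(body).hexdigest())
            self._inline = False


def audit(html, allowed_hosts, approved_inline=frozenset()):
    """Return (unexpected (tag, host) pairs, hashes of unapproved inline scripts)."""
    parser = FormPageAudit()
    parser.feed(html)
    parser.close()
    bad_hosts = [(t, h) for t, h in parser.hosts if h not in allowed_hosts]
    return bad_hosts, [h for h in parser.inline_hashes if h not in approved_inline]
```

Run it against the live page on a schedule and alert on any non-empty result; approved inline scripts are recorded by hash so a change to them also raises a finding.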

19/05/2026

Your website is being scanned for weaknesses right now. Automated bots probe millions of sites every hour looking for
login pages to brute-force, forms to inject code into, and outdated software to exploit.
A Web Application Firewall (WAF) is the layer that stands between those attacks and your website. Every incoming
request gets filtered before it touches your server. Malicious ones get blocked automatically.
This carousel explains exactly what a WAF does, what attacks it stops, and why enterprise-grade WAF protection is no
longer something only large companies can afford.
Swipe through and share with whoever manages your website or IT.
Follow Ciphrai Security for weekly network security content.

18/05/2026

This week we learned that the Canvas/Instructure breach was not a sudden attack. It was the third time ShinyHunters
had breached Canvas in eight months.
KrebsOnSecurity reports that in September 2025, ShinyHunters used Canvas as a pathway to access University of
Pennsylvania internal files — donor records, internal memos, confidential materials. The breach was treated as a
Penn-specific story. Instructure handled it quietly.
That was the proof of concept.
May 1, 2026 was the production run. 275 million students. 3.65TB. 9,000 schools.
On May 12, Instructure confirmed it had reached an "agreement" with ShinyHunters — a ransom settlement to stop the
leak. What that means: the data may still exist in the attacker's hands. Payment does not guarantee deletion.
Two things every business leader needs to take from this:
1. Attackers are patient. Eight months of access before the full attack. By the time you know, they have already been
inside for longer than you think.
2. Paying ransom is not a resolution. It is a negotiation — with criminals who have no contractual obligation to honour
the deal.
The only real protection is preventing the initial breach and detecting it early.
Follow Ciphrai Security for weekly threat intelligence you can act on.

16/05/2026

Most small business websites are attacked hundreds of times a day by automated bots — and most business owners
have no idea.
These 5 questions take less than 10 minutes to answer. They will tell you whether your website is protected or
exposed.
Are your plugins updated? Do you have HTTPS? Is there a WAF in place? Do you have tested backups? Are you
monitoring for unusual traffic?
If you answered "no" or "I'm not sure" to any of these — your website has gaps that attackers actively look for.
Save this post. Work through the checklist this week.
Follow us for practical security guidance your business can act on.

15/05/2026

Microsoft has issued a warning about an active global campaign stealing authentication tokens from tens of thousands
of users.
Authentication tokens are what your device uses to stay logged in after you enter your password and complete MFA.
Once an attacker steals your token — they can log in as you. No password needed. No MFA prompt. No alert. They are
authenticated because they have the token that proves you already authenticated.
This campaign has targeted 35,000 users and is ongoing.
This is why MFA, while essential, is not a complete defence on its own. Attackers have evolved past simple password
theft. Token theft is the next evolution — and most businesses have no detection in place for it.
What to do:
→ Enforce conditional access policies that check device compliance on each session
→ Set shorter token lifetimes for sensitive applications
→ Use phishing-resistant MFA — hardware keys or passkeys rather than SMS codes
→ Monitor for sign-ins from unusual locations or devices even on authenticated sessions
The fact that MFA was bypassed does not mean MFA is pointless. It means MFA alone is not enough — and your
security stack needs to include session monitoring.
Follow Ciphrai Security for weekly security alerts.
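
An added example, not part of the original post: the session monitoring described above, reduced to its core rule. Each use of a session token is compared with the device and country recorded at the interactive (password plus MFA) login that created the session. The events and field names are constructed and hypothetical, not a vendor's log schema.

```python
# Constructed sign-in events. Field names are hypothetical, not a vendor's log schema.
EVENTS = [
    {"time": "2026-05-14T08:01:00", "user": "thandi", "session": "s-101",
     "event": "interactive_login", "device": "LAPTOP-7", "country": "ZA"},
    {"time": "2026-05-14T08:30:00", "user": "thandi", "session": "s-101",
     "event": "token_use", "device": "LAPTOP-7", "country": "ZA"},
    {"time": "2026-05-14T09:10:00", "user": "sipho", "session": "s-202",
     "event": "interactive_login", "device": "PHONE-3", "country": "ZA"},
    {"time": "2026-05-14T11:45:00", "user": "thandi", "session": "s-101",
     "event": "token_use", "device": "UNKNOWN-9", "country": "NL"},
    {"time": "2026-05-14T12:00:00", "user": "sipho", "session": "s-202",
     "event": "token_use", "device": "PHONE-3", "country": "ZA"},
    {"time": "2026-05-14T12:20:00", "user": "lerato", "session": "s-303",
     "event": "token_use", "device": "DESKTOP-1", "country": "ZA"},
]


def find_suspect_token_use(events):
    """Flag token use that does not match the login that created the session."""
    baseline = {}   # session id -> (device, country) seen at password + MFA login
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):  # ISO timestamps sort as text
        sid = ev["session"]
        if ev["event"] == "interactive_login":
            baseline[sid] = (ev["device"], ev["country"])
            continue
        reasons = []
        if sid not in baseline:
            reasons.append("no interactive login seen for this session")
        else:
            device, country = baseline[sid]
            if ev["device"] != device:
                reasons.append("new device")
            if ev["country"] != country:
                reasons.append("new country")
        if reasons:
            findings.append({"session": sid, "user": ev["user"],
                             "time": ev["time"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspect_token_use(EVENTS):
        print(f["time"], f["user"], f["session"], ", ".join(f["reasons"]))
```

A finding is a prompt to revoke the session and force re-authentication, not proof of theft: a user who travels or changes device mid-session triggers the same rule.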

15/05/2026

The Mandiant M-Trends 2026 report dropped this week. Here are the numbers that should stop every business owner in
their tracks.
■ Malicious packages on public repositories: up 75%
■ Cloud intrusions: up 35%
■ AI-generated phishing: now outperforms human red teams entirely
■ 28.3% of all CVEs are exploited within 24 hours of public disclosure
That last one deserves a moment.
In 2020, the average time from vulnerability disclosure to active exploitation was over 700 days. Businesses had nearly
two years to patch before attackers weaponised a flaw.
By 2025, that window had collapsed to 44 days.
In 2026 — nearly 1 in 3 vulnerabilities is being exploited before most businesses have even read the advisory.
The old advice of "patch within 30 days" is not just outdated. It is dangerous.
And AI is accelerating everything on the attacker's side. Phishing that used to require research and skill to write
convincingly can now be generated at scale, in any language, personalised to the target, in seconds.
The threat environment has changed fundamentally. Defence needs to change with it.
Follow Ciphrai Security for weekly threat intelligence that keeps you ahead.

Address

Vereeniging
