The Real Reason Small Businesses Are the New #1 Target for Hackers | Ep 233 with Scott Alldridge Founder of IP Services - Founder's Story

Summary4 min read

Summary of "The Real Reason Small Businesses Are the New #1 Target for Hackers | Ep 233 with Scott Aldridge Founder of IP Services"

Founder's Story by IBH Media, hosted by Daniel, presents an enlightening episode featuring Scott Aldridge, the Founder of IP Services. Released on June 18, 2025, this episode delves into the pressing issue of cybersecurity threats targeting small businesses, uncovering the underlying reasons and offering actionable insights to bolster defenses.

Introduction

In this episode, Daniel engages Scott Aldridge in a comprehensive discussion about the increasing vulnerability of small businesses to cyber-attacks. Drawing from over two decades of experience, Scott provides a nuanced perspective on the evolving threat landscape and the strategies businesses can adopt to protect themselves.

Business Longevity: The Power of Reinvention ([02:01] - [03:09])

Scott begins by reflecting on his entrepreneurial journey, emphasizing the critical role of adaptability in sustaining a business.

Scott Aldridge ([02:01]): "Being able to reinvent yourself... is one of the challenges that's really hard to do."

He highlights that remaining stagnant can be detrimental, especially in the fast-paced technology sector. By continuously evolving and anticipating shifts in service delivery and technological advancements, IP Services has maintained its relevance and competitiveness.

Staying Ahead in the Technological Frontier ([03:09] - [04:21])

Addressing the rapid advancements in technology, Scott underscores the importance of constant research and collaboration.

Scott Aldridge ([03:13]): "Constant research, constant looking for... the latest technology landscape."

He explains that partnering with organizations like the IT Process Institute allows his team to stay updated with the latest trends and innovations. This proactive approach ensures that IP Services can effectively integrate new technologies such as artificial intelligence (AI) into their offerings, enhancing both their services and security measures.

AI and Cybersecurity: A Double-Edged Sword ([04:21] - [06:47])

Scott delves into the intricate relationship between AI and cybersecurity, portraying it as a "cat and mouse game."

Scott Aldridge ([04:46]): "AI can be used both for the good and the bad."

He elaborates that while AI enhances defensive capabilities by enabling faster and more efficient threat detection, it simultaneously empowers cybercriminals with more sophisticated tools and attack methods. This duality necessitates a balanced approach, incorporating both advanced technologies and foundational security practices like the zero-trust model.

Authorship and Thought Leadership ([07:35] - [10:24])

Scott shares his motivation behind authoring Visible Ops Cybersecurity, a book that builds upon his earlier work in IT processes.

Scott Aldridge ([07:35]): "There's a lack of prescriptive guidance... our book gives practical methodologies like zero trust."

The book serves as a practical guide for businesses to implement effective cybersecurity measures. Scott emphasizes that the book is not just a personal achievement but a resource aimed at elevating industry standards. Collaborations with major vendors like HP and Red Hat have been instrumental in promoting the book, contributing to its status as an Amazon bestseller.

Current Cybersecurity Threats to Small Businesses ([14:04] - [17:18])

The core of the discussion centers on why small businesses have become prime targets for cyber-attacks. Scott dispels the misconception that small enterprises are insignificant targets.

Scott Aldridge ([16:19]): "No business is too small."

He explains that cybercriminals recognize the lucrative opportunities in exploiting smaller businesses, which often lack robust security infrastructures. Techniques such as ransomware attacks have become increasingly sophisticated, with operations resembling franchises that offer tools and support to hackers. These cyber threats demand that businesses adopt comprehensive security measures, including immutable backups and regular testing of disaster recovery plans.

Promoting a Security-First Culture ([18:32] - [19:25])

Concluding the episode, Scott emphasizes the importance of fostering a security-first mentality within organizations.

Scott Aldridge ([19:04]): "Every business should have tried this... immutable separated backups."

He advocates for proactive strategies, such as assuming a breach and implementing layered security defenses, to mitigate risks. Scott underscores that cybersecurity is not solely about adopting the latest technologies but also about establishing foundational practices that ensure business continuity and data integrity.

Conclusion

Scott Aldridge's insights shed light on the critical vulnerabilities small businesses face in the digital age. His emphasis on continuous adaptation, proactive research, and foundational security practices provides a robust framework for businesses aiming to safeguard against sophisticated cyber threats. Founder's Story delivers a compelling narrative that not only highlights the challenges but also offers practical solutions to empower entrepreneurs in building resilient and secure enterprises.

Notable Quotes:

Scott Aldridge ([02:01]): "Being able to reinvent yourself... is one of the challenges that's really hard to do."
Scott Aldridge ([03:13]): "Constant research, constant looking for... the latest technology landscape."
Scott Aldridge ([04:46]): "AI can be used both for the good and the bad."
Scott Aldridge ([07:35]): "There's a lack of prescriptive guidance... our book gives practical methodologies like zero trust."
Scott Aldridge ([16:19]): "No business is too small."

This detailed summary encapsulates the essence of the episode, providing listeners with valuable insights into the intersection of small businesses and cybersecurity threats, while highlighting Scott Aldridge's expertise and contributions to the field.

Loading summary

Transcript50 lines

[00:00]
Multicare Representative
Our state has changed a lot in the last 140 years. We know because Multicare has been here guided by a single making our communities healthier. That comes from making courageous decisions, partnering with local communities to grow programs and services, and expanding healthcare access to those who need it most. Together, we're building a healthier future. Learn more@ multicare.org.
[00:31]
T-Mobile Employee
Hi Zoe Saldana. Welcome to T Mobile. Here's your new iPhone 16 Pro on us.
[00:36]
Zoe Saldana
Thanks. And here's my old phone to trade in.
[00:38]
T-Mobile Employee
You don't need a trade in when you switch to T Mobile. We'll give you a new iPhone 16 Pro. Plus we'll help you pay off your old Phone up to 800 bucks and you still get to keep it.
[00:47]
Zoe Saldana
There's always a trade in.
[00:48]
Scott Aldridge
Not right now.
[00:49]
T-Mobile Employee
@ T Mobile.
[00:49]
Zoe Saldana
I feel like I have to give you something in return for karma.
[00:52]
T-Mobile Employee
That's okay.
[00:53]
Zoe Saldana
I don't really have much in my purse. Oh, let's see. Hand sanitizer. It's lavender.
[00:57]
T-Mobile Employee
I'm good. Seriously.
[00:59]
Zoe Saldana
Let me check this pocket.
[01:00]
Multicare Representative
Oh, mints.
[01:01]
T-Mobile Employee
Really, I'm fine.
[01:02]
Zoe Saldana
Oh, I have raisins. I'm a mom. Wait, wait one sec. I've got cupcakes in the car.
[01:07]
T-Mobile Advertiser
It's our best iPhone offer ever. Switch to T Mobile, get a new iPhone 16 Pro with Apple intelligence on us. No trade in needed. We'll even pay off your phone up.
[01:16]
T-Mobile Announcer
To 800 bucks with 24 monthly bill credits. New line 100 plus a month on experience beyond finance agreement 999.99 and qualifying ported for well qualified plus tax and $10 connection charge payout via virtual prepaid card. Allow 15 days credits end in one balance due if you pay off early.
[01:30]
Daniel
Or cancel CT mobile.com so Scott, something that I've noticed that is a very, very hard thing to get in business is to be in business for over 20 years. I was reading some stats that most Companies fail within two years, five years and it's like 90 something percent of companies do not exist after 10 years.
[01:55]
Host
What has been something that you've done.
[01:56]
Daniel
That'S been enabling you to be able to be in business over 20 years?
[02:01]
Scott Aldridge
Yeah. Well, thanks for having me, Daniel. And yeah, being in business for 20 years, it's actually been a little longer than that. It was actually kind of a teen entrepreneur when I started 19, my first business. But the big key there is is basically being able to reinvent yourself. And I think that's one of the challenges that's really hard to do. Sometimes we get into norms and we get very hyper focused and myopic and we really aren't looking at what is the next potential shift in how we deliver service or what services we are delivering. And of course in technology, it's an ever changing world out there. So we were constantly evolving and figuring out how to deliver the next, you know, kind of the next generation of services. So that's been a big, big part of the I say success quotient, if you will, for establishing and longevity of 20 years of business.
[02:54]
Daniel
Plus I imagine if you're in a technology focused business and technology is advancing at a rate that's. I don't know if we can even keep up mentally right now. It's so fast. How do you stay at the front and at the forefront?
[03:09]
Host
I mean you went through like the.
[03:11]
Daniel
Dot com era all the way to now.
[03:13]
Scott Aldridge
Yeah, the Internet was just becoming a thing when we, when we first launched into some software, software, retail stores, that kind of thing way back in the day. But the idea there, staying up on stuff is first off, when you've kind of lived in this space and it really is your career and it's what you do, it is a little easier to, you know, assimilate new information, be able to take it in, understand it. We live in a world of acronyms like a lot of industries. So it's not quite as difficult to stay up on stuff if you're living it every day for years and years. However, with that said, yeah, constant research, constant looking for kind of, you know, working with organizations that do research that we partnered with. I have a little sister division that's called the IT Process Institute. So we do some research and development, really research, benchmarking and prescriptive guidance which is a little bit where the books and the thought leadership comes from. So that helps us stay at the forefront. Kind of at the tip, if you will, of what is the latest technology landscape, digital transformation. How are you ready for it? And of course in today's world, it's all about cybersecurity and artificial intelligence.
[04:21]
Daniel
So how are you seeing the coming together now more mainstream? Because I'm sure it's been that way for a while, but it's becoming more and more mainstream. And now you had Gen AI and stuff and I'm sure there's so many cybersecurity threats that are happening. How are you looking at AI now, cybersecurity, those two things morphing and merging as what could be a challenge or what could be a benefit?
[04:47]
Scott Aldridge
Yeah. So not to oversimplify it, but it's A little bit back to the antivirus days where we get an antivirus piece of software to keep malware off our machines and it would do a really good job. Whatever flavor you use, there were lots of them out there, semantic, you know, antivirus, etc. And then of course they have an update you need to do because they figured out how to inject new malware that would go around the anti malware. And so it became a cat and mouse game. And you know, that's a little bit where we're at modern day with, you know, cybersecurity and particularly, you know, AI. The, you know, AI is, can be used both for the good and the bad. So the bad actors and the threat actors are using AI in ways they never have before. They're getting really smart. They're able to launch multi, you know, tiers and points of attack that they weren't capable of doing in the past. And that is definitely creating challenges in cyber security and set up. However, we also have the deployment of the proactive AI that's actually looking and defending in a much faster, higher rate. So we're kind of back a little bit to the, you know, cat and mouse game chasing each other as to which one's doing what. But they're, at the end of the day, good. Cybersecurity really is not necessarily about the next shiny toy or the next cool tool or even AI per se. Even though we're having to get better about AI itself, because even employing AI for other purposes in your organization can actually open up cybersecurity threats you may not have even thought about. So that's really kind of the tip right now of cybersecurity is really, how do we know that the AI that we're introducing into our organizations is secure? Because everybody's trying to use it to be more efficient. So long answer. But the short form is, yeah, I think we have to utilize the latest technologies to keep up with the bad actors, but also understand that there are foundational layers of security. There's no point based one thing you can do, it's always layers. We use, we use a methodology called zero trust and there's multiple layers as how we deploy zero trust to protect organization.
[06:48]
Daniel
I think it's good to have a business that is always changing. I think that, you know, if I look at what companies have survived over long periods of time, there's a lot of companies that have been dying the last few years and they're not really companies that had changed or they didn't adapt. They just kind of continued. But we're seeing, you know, tech companies and companies that are, that are adapting very quickly are the ones that are continuing to survive. Like you over 20 years in business. So you're in business over 20 years and you're in cybersecurity. And for some reason you're like, I'm going to write this book. What made you inspired to even write a book and how that was going to play into entrepreneurship or building your personal brand or whatever you hope to achieve from that book.
[07:36]
Scott Aldridge
Yeah, great question. The reality is that as I referred to earlier, we really had spun back in the mid-2000s, kind of the IT process institute to really research and benchmark and deliver prescriptive guidance. There's kind of a lack of that. It's matured over the years to some degree, but there's still in it. It's kind of like Mike does it one way, Sarah does it another way. What is really the best way? What is the best practice? And so that's really where we camped with our research and borrowed research and partnered with research to find out that there are some foundational controls, processes and how you do things that really drive high performance and IT management. Interestingly enough, a lot of that came back to this one study that said that all IT failure, downtime, you know, lack of availability or issues in is COR. And this is 75%, 80% between there depending on which study is correlated to some unapproved, unauthorized, untested change. So the working thesis became let's do really good change management around how we do it and how we implement changes, where we allow them to happen. And what we've come to find out more recently is that actually no security breach will happen without a change or a need for a change. Either I convince somebody by socially engineering them to become them or hack in, or I just brute force hack in and I change something to be able to siphon data, to get personal data, you know, confidential data information, that kind of stuff. So that's the background and kind of living in that world for many years and that research and kind of having that insight really kept me thinking about how the earlier books and the core of what we call IT processes and IT process efficacy, which is the third chapter of my book, still applies to cybersecurity today. So I had this kind of brainstorm, noodled on it for a couple of years, spent about eight months to really author the next version of the Visible Ops series of books. We did one called Visible Ops security like over 10 years ago. This one's visible ops, cyber security. Because we didn't call it cyber security back then. And in this particular book I get into some very specific applications, if you will, methodologies. Zero trust, as I referred to before, really giving practical guidance for how small companies and large companies can at both sizes. Right. Smaller enterprise can actually use these methods to seriously increase their cyber security posture, make huge advancements. A lot of the things I referred to are kind of 80, 20 rules, if you will. 20% of the effort can give you 80% of the benefit and protection against the bad actors, the threat actors really enhance your cyber security. So that's the background on the book.
[10:05]
Daniel
Generally speaking, you write this book series. You got the series now over 350,000 copies, which is insane. Most people sell like 200 copies. So to sell, you know, six figures of copies is very, very challenging.
[10:22]
Host
What helped you in that time?
[10:24]
Daniel
Because you're, you're not like a full time author that's only focused on books. You got this business and then you have the book and then you have all these things, you know, supplementing each other. But what has been helping you in terms of getting your book out there and getting it heard?
[10:38]
Scott Aldridge
Yeah, there's and, and the, you know, the IT Process Institute and the series of books, the Visible Op series really is somewhat of an altruistic goal. Raise the tide that floats the boats in terms of IT management, best practices, cyber security. We want to help everybody do better and so if they can glean something to book. So the first off, there's altruistic goal, right? Just we really want to help businesses across the US and the globe really increase, enhance against the bad guys. Um, that's the first goal. The second part of the book and what's kind of helped it is that it really is part and parcel to the types of services.
[11:09]
Host
Starting your business should be simple. That's why I love what Northwest Registered Agent is doing. You can build your entire business identity in just 10 clicks and 10 minutes. Seriously, whether you're launching your first company or your fifth, you get more when you start with Northwest. More privacy, more guidance, and more freedom to run your business from anywhere. They've helped businesses grow for nearly 30 years and they've got your back. For just $39 plus state fees, Northwest will form your business, create a custom website and set up a local presence anywhere you need it. Want more? They'll protect your identity by using their address on your formation documents. And their premium mail forwarding gives you a real business address that keeps your home info protection private. Which I have used this service for many years. Don't wait, protect your privacy, build your brand and set up your business in just 10 clicks. In 10 minutes, visit northwest registered agent.com founders and start building something amazing. Get more with Northwest Registered Agent AtNorth registered agent.com founders that we deliver, we.
[12:22]
Scott Aldridge
Kind of are the living, breathing visible ops organization. That's kind of how we deliver our practice and our service around cybersecurity. So it is, it is, it helps my organization both internally, my people read and learn from it. We train in it. We actually have some online certification training for Visible Ops you can actually have access to. So there's a lot of things that are around the book that kind of feed off of kind of the ecosystem. But also we, we early on had partnered with several vendors, larger vendors, hp, Red Hat, some of those types of vendors, to help us promote the books. And so they actually would buy thousands of copies of them and help promote them through conferences and through different activities that they were doing to promote their businesses. Because a lot of the principal concepts and the principles of the book are really very simpatic, you know, simpatico, if you will. They, they complement the service, the types of software and around security really gives the research and the backdrop to promote the type of services that those vendors actually provide. So that's the vendor relationships also help really promote the book as well, besides, you know, being a part of our business. And of course it things at some point take on a little bit of a, if you will, viral. And so my book just became an Amazon bestseller. It's starting to get a little viral now. So we're seeing that activity kick up like we've seen with the other books and hopefully start to really take off over the next few months.
[13:46]
Daniel
That's, it's a very unique perspective on, on a book because many people, they write a book and they hope it builds their personal brand because maybe they want to speak. But the fact that you're, you're taking the book and then leveraging that within the organization and then also connecting that to other corporations, that's a very unique spin.
[14:04]
Host
When you go.
[14:05]
Daniel
When you think about cybersecurity, what right now do you feel are like the biggest threats that businesses need to know about?
[14:14]
Scott Aldridge
So couple of things there. I could talk on and on about this one, but the first thing I would say is that no business is too small. The last couple of years, they're going crazy downstream to small organizations. You know, companies that Maybe only do 500,000 worth of sales, believe it or not. So a lot of belief out there is, well, we're just not a target. We're too small. They wouldn't want, they're not interested in us, but they are. And they'll take five grand, ten grand. The other thing is that they're highly sophisticated, not only using AI, but ransomware. Franchises is a real thing. You can actually sign up for a franchise, they give you a tool set. If you're a smart high schooler with computers, you try to hack in, you get maybe a little bit into their network, you can then partner with the franchise, they'll come in and then they split the proceeds on the ransomware. It's that sophisticated. Then when you go to pay, they don't just have you pay some way, they actually send you their call center and their call center will take your payment. They want to convert typically crypto currencies into dollars because they don't want to be traced. So this is the world we live in. The threats are everywhere and they're going way downstream. One of the first principles we talk about with all companies that we work with is assume breach. Because if the bad guys really do want to get in, they generally will find a way to get in, about 99% chance. That's why we see some of the big, big corporations that have every tool deployed and all the experts in the world, and yet they're still getting hacked for millions of dollars. So the point is we start with assumed breach, which means you have to have backup and restore and what we call immutability, where your backups are not even connected to your network, they're privately, securely encrypted and stored so that when the bad guys get in, what they typically will do is they'll not only encrypt your current systems, but they'll find where your backups are, they'll encrypt those, and then people can't restore and then you're stuck and you have to pay. So the first principle, and I'll just give the one, is working on true value, business continuity, business disaster recovery, business backup and restore with immutability, air gapped backups. That's a really important principle. But there's a couple of things right there. No business is too small. That's the world we live in now. And every business should have tried. And true immutable, separated backups that are tested regularly.
[16:19]
Daniel
I watch these YouTube videos where these hackers hack into these scam call centers and then they, they, they actually revert it back to them.
[16:28]
Host
Is very interesting.
[16:28]
Daniel
Yeah, I'm. I'm shocked. And I've listened to these calls and the sophistication I've been. It's happened to me before. I thought the same thing. Like, no, I'm too small. No one's going to reach out to me. And they did. And it took like a year before I even knew that we were sending money. Money that's going to the wrong person, not us. It was a disaster. So, Scott, I could see that not only corporations, other IT companies, but even businesses need to read the book. And cybersecurity might be, you know, one of the things that we need to focus on that we are not focused on. We're always profitability, hiring leadership. But many times business owners are just not focused on these threats. But Scott, if you want to get your book, hopefully there it is. The visible ops. Maybe you saw another half.
[17:19]
Host
Starting your business should be simple. That's why I love what Northwest Registered Agent is doing. You can build your entire business identity in just 10 clicks and 10 minutes. Seriously, whether you're launching your first company or your fifth, you get more when you start with Northwest. More privacy, more guidance and more freedom to run your business from anywhere. They've helped businesses grow for nearly 30 years and they've got your back. For just $39 plus state fees, Northwest will form your business who create a custom website and set up a local presence anywhere you need it. Want more? They'll protect your identity by using their address on your formation documents. And their premium mail forwarding gives you a real business address that keeps your home info private, which I have used this service for many years. Don't wait. Protect your privacy, build your brand and set up your business in just 10 clicks. In 10 minutes, visit Northwest river registered agent.com founders and start building something amazing. Get more with Northwest registered agent at northwest registered agent.com founders a million.
[18:32]
Scott Aldridge
That be great. Yep. Thank you for the time. I really appreciate the the interview.
[18:38]
Daniel
How could people get the book?
[18:39]
Scott Aldridge
Yeah, so go. My author's website is Scott Aldridge.com S C O T T a L l d R I d g e.com and from there I've got links to the IT Process Institute to IP Services, my company. But you can order the book right there through an Amazon link that's there. You can go to Amazon and just type in visible op cybersecurity. It'll pop right up. So Amazon's the best way to really get the book.
[19:02]
Daniel
Scott, this has been great. Thanks for sharing.
[19:03]
Host
Today I learned something.
[19:05]
Daniel
I'm going to go back now and see what changes I can make. And I might need to just read that book, Scott. I think I need to read it. I hope everyone who's in the industry gets to read it, too, and we can all feel safer and not keep allowing these people to continue being a threat to us. But Scott, this has been great. And thank you for joining us today on Founder Story.
[19:26]
Scott Aldridge
Awesome. Thank you.