They're Not 'Hacking' — They're Logging In: The Dangerous Myth Small Businesses Fall For

Episode notes

Imagine an attacker not as a hoodie-wearing wizard wrestling with your firewall, but as someone quietly slipping through an unlocked back door with keys they bought on the dark web. In this episode we sit down with Corrine Jefferson, a former government cyber professional who now helps UK small businesses understand how real attackers operate. Grounded in Palo Alto Networks Unit 42's Global Incident Response Report 2026, our conversation is built on more than 750 serious, real-world investigations from October 2024 to September 2025. Not theory. Not vendor marketing. Actual cases. The numbers are stark: identity weaknesses featured in nearly 90% of incidents, and 65% of all initial access was identity-driven. We start by setting the scene: your people live in the browser. Outlook, payroll, Teams, your CRM, and a pile of SaaS tools. That ordinary click is the battleground. Attackers buy credentials, harvest session tokens, and exploit OAuth grants. Once they have a valid login, they blend into normal traffic and move silently.