5 Ways to Defend Your Business Against AI-Powered Cyberattacks in 2026

In March this year, an Iran-linked hacker group called Handala wiped over 200,000 devices belonging to Stryker, one of the world’s largest medical technology companies. The attackers simply gained access to Microsoft Intune and turned it against the company by issuing a mass remote wipe command.

A company with $25 billion in annual revenue and 56,000 employees was knocked offline in a matter of hours.

If that can happen to a Fortune 500 org with an enterprise security budget, it can happen to a 20-person firm in Phoenix that runs on the same Microsoft stack. And Arizona businesses aren’t hypothetical targets. In January last year, Scottsdale-based SimonMed Imaging suffered a ransomware attack that exposed the private data of over 1.2 million patients. 

The numbers back up the urgency. According to Verizon’s 2025 report, SMBs experienced roughly 400% more data breaches than large organizations in 2024. The FBI’s 2025 Internet Crime Report puts total U.S. cybercrime losses at $21 billion, with ransomware and phishing leading the charge.

The attacks are coming from well-funded groups that use AI to automate reconnaissance, craft convincing voice clones, and exploit the same cloud tools your business depends on.

The good news is that you don’t need a Fortune 500 budget to defend against these attacks. Here are five ways to protect your business from both traditional and AI-powered cyberattacks:

1. Lock down identity and access management

The Stryker breach wasn’t a sophisticated zero-day exploit. Once the attackers had Microsoft Intune credentials, they used the company’s own device management system to wipe over 200,000 devices.

This is why identity and access management (IAM) is your first line of defense. If you’re running a Microsoft environment, you should enforce multi-factor authentication on every account that touches your admin console. Not just the IT lead, but every user with elevated privileges.

Beyond MFA, apply the principle of least privilege. Most SMBs hand out admin access freely because it’s faster than setting up proper role-based controls. That convenience becomes a liability when one stolen password gives an attacker the keys to your entire network. 

Review who has global admin access in your M365 tenant. If you can’t name every person on that list and explain why they have it, your business is exposed. You can also use Azure AD to set up time-based admin rights to reduce exposure. 

2. Migrate from break/fix to proactive threat monitoring

SimonMed’s attackers operated for a full week before the company detected the intrusion. If your IT strategy is built around fixing problems after they happen, you’re always playing catch-up. 

A break/fix model can’t detect intrusions or flag unusual admin behavior at odd hours. That’s why you need proactive threat monitoring. Instead of waiting for an alert that says “your server is down,” a managed IT provider watches for the early signals that precede an attack, including abnormal login patterns and configuration changes to admin tools.

The cost of IT downtime is steep enough without giving attackers a head start. Moving to a proactive model means you stop most security issues before they become a threat.
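To make those early signals concrete, here is an added example (not from any vendor or monitoring product) that flags sensitive admin actions at odd hours and a burst of remote wipes from a single account. The event schema, action names, account names and thresholds are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample admin-console events: (time, actor, action, target).
# The schema and action names are hypothetical; map your real audit export onto them.
EVENTS = [
    ("2026-03-02T10:15:00", "it-lead@example.com", "policy.update", "baseline"),
    ("2026-03-02T14:05:00", "it-lead@example.com", "device.wipe", "laptop-017"),
    ("2026-03-04T02:41:00", "helpdesk@example.com", "role.assign", "global-admin"),
    ("2026-03-04T02:44:00", "helpdesk@example.com", "device.wipe", "laptop-001"),
    ("2026-03-04T02:44:20", "helpdesk@example.com", "device.wipe", "laptop-002"),
    ("2026-03-04T02:44:45", "helpdesk@example.com", "device.wipe", "laptop-003"),
    ("2026-03-04T02:45:10", "helpdesk@example.com", "device.wipe", "laptop-004"),
]

SENSITIVE = {"device.wipe", "role.assign", "policy.update"}

def parse(events):
    """Turn raw tuples into time-ordered (datetime, actor, action, target) records."""
    return sorted((datetime.fromisoformat(t), a, act, tgt) for t, a, act, tgt in events)

def off_hours(events, start_hour=7, end_hour=19):
    """Sensitive admin actions on weekends or outside start_hour..end_hour local time."""
    return [e for e in parse(events)
            if e[2] in SENSITIVE
            and (e[0].weekday() >= 5 or not start_hour <= e[0].hour < end_hour)]

def wipe_bursts(events, limit=3, window=timedelta(minutes=10)):
    """Map each actor with more than `limit` wipes in one `window` to their peak count."""
    recent, worst = defaultdict(deque), {}
    for when, actor, action, _ in parse(events):
        if action != "device.wipe":
            continue
        q = recent[actor]
        q.append(when)
        while when - q[0] > window:   # drop wipes that fell out of the window
            q.popleft()
        if len(q) > limit:
            worst[actor] = max(worst.get(actor, 0), len(q))
    return worst

if __name__ == "__main__":
    for when, actor, action, target in off_hours(EVENTS):
        print(f"OFF-HOURS {when} {actor} {action} {target}")
    for actor, count in wipe_bursts(EVENTS).items():
        print(f"WIPE BURST {actor}: {count} wipes in 10 minutes")
```

A single daytime wipe by the IT lead passes quietly, while the 2 a.m. role change followed by four wipes in about a minute trips both checks. Tune the hours and the wipe limit to how your own team actually works.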

3. Train your team to recognize AI-powered social engineering

AI has fundamentally changed what phishing looks like. Today’s AI-powered attacks use emails that read like they came from executives, complete with the correct grammar and context. 

Voice cloning adds another layer. That means a voicemail greeting or an interview clip can give a scammer everything they need to impersonate your leadership on a call.

Employees can’t detect these threats with outdated training. You should run regular simulations that reflect actual AI-generated attacks, including how to spot the right context. 

Every employee should know how to verify urgent requests through a second channel before acting on them, whether that’s a Slack message or a direct call to a known number.

4. Test your disaster recovery plan

Stryker lost 200,000 devices in one command. If your recovery plan has never been tested under real conditions, you don’t actually know if it works.

Most businesses treat disaster recovery as a checkbox item. They set up backups, document a plan, and file it away. But when a crisis hits, you’ll discover the gaps at the worst possible moment. 

You should establish a clear Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for your critical systems. Then test against those benchmarks at least quarterly. Simulate a full system failure and time how long it takes to restore operations. If that number is higher than your business can survive, you know exactly where to invest.

A well-thought-out cloud system plays a critical role here. If your primary systems go down, backup servers should take over the workload automatically, which cuts your recovery window from days to minutes.

5. Work with IT experts to access cutting-edge cybersecurity features

The attacks we’re seeing in 2026 aren’t amateur operations. These are state-backed and AI-enhanced, designed to exploit the tools you already use. Defending against them requires more than antivirus software and a firewall.

Cybersecurity features like endpoint detection and response (EDR) and conditional access policies are available to businesses of every size, but only if you have the expertise to deploy and manage them. Most SMBs don’t have a dedicated security team, which means these tools either go unused or get misconfigured.

That’s where a managed IT provider fills the gap. An MSP gives you access to the same caliber of cybersecurity that protects large companies without the overhead of building an in-house security operation. A team of experts monitors your environment around the clock and acts on threats before they become breaches.

Don’t wait for a state-backed attack to test your defenses

MyTek helps Arizona businesses close the gap between state-backed cyberattacks and their security systems. We deploy managed IT solutions that monitor your environment around the clock, upgrade your Microsoft stack, and give you access to enterprise-grade cybersecurity without the overhead of an in-house team. As a local partner to Arizona businesses, we make sure your defenses evolve as fast as the threats do.

You don’t have to figure this out alone. Schedule a cybersecurity assessment with MyTek today and find out where your business stands.
