Please welcome our newest member from France, Samira Marquaille Samira Marquaille is an IT Project Manager with more than 20 years of experience across both public and private sectors, with a strong focus on data privacy. She is skilled at uniting teams and fostering collaboration …
CyAN is thrilled to welcome back Michael McDonald, an internationally respected Senior Solution Architect, startup CTO, and technical visionary whose career spans three decades, five continents, and some of the most complex, high-stakes environments in industry and government. Michael brings rare breadth and depth across …
Please welcome our newest member from the United States, Caroline Humer
As an international digital safety advocate, Caroline Humer is dynamic and motivated, with a track record of successfully fostering cross-industry engagement. Growing up in numerous global settings has honed her ability to lead global projects from ideation to execution. Caroline’s exceptional networking skills have enabled her to excel in long-term business development, ultimately helping to safeguard vulnerable populations from harm.
She is also the Co-Founder of STISA (Survivors & Tech Solving Image-based Sexual Abuse), the world’s first NGO focused on providing a voice for survivors of image-based sexual abuse. STISA is raising awareness about this pervasive online violence, fostering international collaborations with hotlines and helplines, and developing cutting-edge technology to remove IBSA content.
It’s good to have you, Caroline! We look forward to the expertise you bring and enabling you here at CyAN. Don’t hesitate to reach out or explore Caroline’s profile to grow your networks mutually.
In this mentorship story of 2025, Sumandeep Kaur shares her experience as a Web Developer and Cybersecurity Intern under the guidance of her CyAN mentor, Shantanu Bhattacharya. Empowering Early-Career Web Developer & Cybersecurity Professionals: My Journey with the CyAN Mentorship Program By Sumandeep Kaur Acknowledging …
CyAN 10th Anniversary
(Details TBA)
CyAN Q2 Call (APAC + Gulf)
June 11 – 12:00 GST / 16:00 SGT / 18:00 AEST
CyAN Q2 Call (EMEA + Americas)
June 11 – 20:00 GST / 18:00 CET / 17:00 UTC / 12:00 EDT
Please welcome our newest member from Australia, Norman King! Norman has 25+ years of experience working as a technology professional. As CTO, he has been part of the leadership team at iPartners since the company began operations in 2017. He has overseen the development of …
News Ransomware Gangs Innovate With New Affiliate ModelsDark Reading – Alexander Culafi FBI: US lost record $16.6 billion to cybercrime in 2024BleepingComputer – Sergiu Gatlan Attackers hit security device defects hard in 2024Cyberscoop – Matt Kapko Ripple NPM supply chain attack hunts for private keysThe …
You’d think nation-state cyber attackers would be too busy targeting military secrets, critical infrastructure, or global financial systems to bother with your local optometrist, small engineering firm, or boutique consultancy.
But you’d be wrong.
As Rob Lemos in his recent Dark Reading article “Nation-State Threats Put SMBs in Their Sights” noted, small and medium businesses (SMBs) are increasingly being caught in the crosshairs of nation-state actors. And while that sounds dramatic, it’s not exactly news to those of us who’ve been waving this red flag for a while now.
If you’ve heard me talk about data privacy, sovereignty, or security-by-design, you’ll know this has been a consistent message: Small doesn’t mean safe.
And simple doesn’t mean insignificant.
🐘 The Elephant in the Server Room
Let’s get this out of the way: Most small business owners aren’t waking up thinking about advanced persistent threats. They’re thinking about invoices, customers, staff shortages, or what fresh compliance headache might land in their inbox next.
But that’s precisely what makes them attractive to cyber operatives. Nation-state actors — whether working directly for governments or as aligned proxies — know that many SMBs:
And it’s that last point that’s so often overlooked. Because when a hostile actor wants to breach a major government department or multinational contractor, the front door is usually locked. So they look for a side door.
🕵 The Stepping Stones in the Spy Game
Small businesses aren’t usually attacked because of the data they hold. They’re attacked despite it — or more accurately, because of who they’re connected to.
Think of SMBs as stepping stones across a river. Alone, they may seem easy to overlook. But in the hands of a strategic adversary, they form a precise, quiet path — one that leads straight to critical infrastructure, sensitive government systems, or global defence suppliers.
Nation-state actors know this. They’ll compromise a regional software vendor with government clients. Or a boutique logistics firm that supports infrastructure projects. And then they wait.
This isn’t smash-and-grab ransomware. It’s quiet infiltration. Long-game strategy. And it works.
🧩 But Here’s the Hard Truth (and the Good News)
Small businesses can’t keep outsourcing this risk to someone else. Governments and tech giants have critical roles to play, of course. But SMBs themselves need access to practical, affordable ways to take control of their data.
I know it’s a lot. Many small business owners are already overwhelmed — especially with security solutions that feel designed for enterprises with full SOC teams and million-dollar budgets.
That’s why we designed 3 Steps Data with three very specific principles in mind:
We believe compliance and governance shouldn’t be a scary afterthought — they should come baked in. No back doors. No silent surveillance. No compromises.
🛡 Stop Treating SMBs as Collateral Damage
For too long, small businesses have been treated as unfortunate casualties of cyber warfare — overlooked in policy and underserved by tools.
But the truth is, SMBs are the economy. They’re the innovators, the service providers, the specialists keeping everything running in the background. And they deserve security solutions that match their importance — not just their size.
SMBs need:
🧭 A Final Thought
I’ve said it before, and I’ll keep saying it: Cybersecurity isn’t just a tech issue — it’s a business continuity issue. A trust issue. A sovereignty issue.
So next time someone suggests that nation-state hackers only go after “big targets,” remind them: the path often runs straight through the smallest players.
Let’s stop leaving our smallest businesses to fight off the world’s most resourced attackers with nothing but duct tape and good intentions.
Because when the stepping stones are this exposed,
it’s only a matter of time before someone crosses them.
Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions.
She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.
News Former cyber official targeted by Trump quits company over moveNBC News – Kevin Collier MITRE’s CVE program given last-minute reprieveitNews – Raphael Satter Whistle Blower: Russian Breach of US Data Through DOGENarativ – Zev Shalev Midnight Blizzard deploys GrapeLoader malwareBleepingComputer – Bill Toulas 4chan …
