Domain Digital

07/05/2026

I've spent the last two days telling you about a business destroyed by ransomware.
Not because they ignored cybersecurity.
But because they tested it too late.
A few of you asked: "Okay, so what do I actually do?"
Fair question. Here's the answer.

First: Stop thinking about cybersecurity as a product.
It's not something you buy once and forget.
It's a system. And like any system, it only works if you test it, monitor it and adjust it.

Here's what businesses need — no theory, all practice:

1. Real-Time Visibility
If you can't see what's happening in your network, cloud apps and endpoints right now, you're running blind.
Many businesses collect logs. Almost none actually look at them until after an incident.

That's arse about face.

You need a platform that consolidates everything and actively watches for threats in real time. Real, prioritised threats that matter — not alerts that bury your team.

2. Automated Response (Not Just Detection)
Detection without response is just expensive notification.
When a threat is identified, you need automated containment — isolating the compromised device before the attacker spreads.
If your setup requires manual intervention for every alert, you're already too slow.

3. Guided Remediation
Most businesses with 20–150 employees don't have a SOC team. They have one or two IT people who are already overwhelmed.
You need a platform that doesn't assume you're a security expert. Plain-language explanations. Clear next steps.

Security that works for lean teams, not against them.

4. Test It. Regularly.
If you haven't restored in last 60 days, will it work.
If you haven't verified your team can isolate an endpoint during an incident, you don't have a response plan.
Testing is the only thing that separates real protection from expensive theatre.

Here's What This Looks Like:
→ Deploy in hours
→ Monitor your entire tech stack from one console
→ Automated alerts for real threats, not noise
→ Isolate compromised endpoints with one click

This isn't theoretical. Businesses are doing this today.

The Bottom Line:
If you're running a business with more than 20 employees, you can't afford to wait.
The real cost isn't the ransom.
It's the clients you lose. The reputation you struggle to rebuild. The sleepless nights wondering if you'll survive.
Reactive security is theatre.
Proactive security — tested, monitored, and ready before the incident — is survival.

I deploy a security platform for clients that does exactly this. Full transparency: I do make money from it. But I'm not here to sell you anything.

If you want to talk about where your gaps might be, comment or DM me.
I'll tell you the truth. Even if it's uncomfortable. The uncomfortable conversation today is way better than pleading for a fix.

06/05/2026

Why Smart Leaders Still Get Breached

Yesterday I told you about the 8:35PM PM call.
The one where a business owner begged me to undo a ransomware attack that had already destroyed their operation.
I got a few messages on this.
Some said, "How could they let this happen?"
Here's the part that keeps me up:
They didn't let it happen.
They just tested too late.

Let me tell you what that managing director told me during our second conversation (yes, we spoke again).
They had a bit of cybersec.

Antivirus on every machine ✓
Firewall at the perimeter ✓
Password policy enforced ✓
MFA ✓
Annual security "training" (a 20-minute video) ✓
Cyber insurance policy ✓
On paper? They looked compliant(ish).
In practice?

→ No one was monitoring logs in real time
→ No one knew an attacker had been inside their network for 19 days before encryption started
→ No automated response to isolate infected endpoints
→ No tested backup restoration process (they had backups — but no one had ever tried to actually restore from them under pressure)

They had stuff in place. They just never tested if it actually worked.

Here's the uncomfortable truth I've learned after 20 + years in this industry:
Most executives don't fail because they're cheap or careless.
They fail because they treat cybersecurity like insurance instead of infrastructure.
You buy it. You file it. You assume it's working.
And then one day, you find out it wasn't.

If your business has 20-150 seats, you're in the super danger zone.
Not because you're a juicy target. But because you're big enough to have complexity and small enough to lack dedicated security staff.
That's the gap attackers love to explore.
The gap between "we have something in place" and "we've actually tested it under fire."

So here's my question for you:
When was the last time you tested your security?
Not "reviewed the policy."
Not "renewed the subscription."
Tested.
Can you detect an intruder in your environment right now?
Can you isolate a compromised device in under 60 seconds?
Can you restore your most critical system from backup in under an hour?
Do you even know what logs you're collecting — or if anyone's watching them?

If the answer is "I don't know" or "probably not," you got yourself an issue.
You're just waiting for the call.

Tomorrow: I'll share what actually works and why it's simpler than you think.
Comment or DM me if you want to talk about where your gaps might be. I'll tell you the truth, even if it's uncomfortable. I am well known for being a straight shooter.

05/05/2026

The Call That Came Too Late
8:35 PM.
That's when the phone rang last Thursday.
Not a client. Someone I'd never spoken to before.
A managing director of a manufacturing company in Queensland. 47 employees. Family business. Third generation.
Crying.
Not emotional. Crying.
Their systems were locked. Ransomware. The attackers wanted $280,000 AUD. Payroll was due in 10 hours. Production had been down for two days. Their insurance wouldn't cover it because they hadn't completed the security assessment they'd been sent four months ago.

"Can you help us?"

I've been running managed services for over 20 years.
I don’t recall the number of out of hours calls I’ve taken.
But this one was different.
Because the answer was no.
Not "maybe." Not "let me see what I can do."
Straight up... “Nah mate. We’re a little late to the party”
You can't click a seatbelt in after the crash.

Here's what I didn't say on that call:
→ That 88% of small business breaches now involve ransomware — more than double the rate at enterprise companies → That 61% of SMBs had some level of breach in the past year → That the average cost of a breach for a business their size is $3.31 million → That they probably thought they were "too small to be a target"
I didn't say any of that because it doesn't matter once you're already burning.

What I did say:
"I'm sorry. There's nothing I can do that will change what's already happened."

They hung up.
And that was a pretty crap nights sleep for me.
Because I know the truth that no one in cybersecurity wants to admit:
After-the-fact security is theatre.
It's optics. It's paperwork. It's something you do to make the insurance company feel better.
But it doesn't undo ransomware. It doesn't restore trust. It doesn't bring back the contracts you lost when your clients found out their data was exposed.
And it sure as hell doesn't stop you from lying awake wondering if your business will survive.

If you're running a business with 20-150 employees, you are not too small.
You are not flying under the radar.
You are a target. Right now. Today.
The only question that matters:
Are you protected before the call?
Or will you be the one making it?
More tomorrow.

20/04/2026

🚨 “We’re too small to be a target” is officially dead.

With Anthropic’s latest project, we’re entering an era where AI can scan entire codebases to uncover long‑forgotten or never discovered vulnerabilities then put together an exploit faster than most security teams can react.

This is a shout‑out to anyone who still thinks: “No one will bother chasing after my business.”

This changes the entire security landscape.

These platforms democratise vulnerability discovery. Finding weaknesses will no longer require elite skills, big budgets, or nation‑state backing. The barrier drops for everyone.

If we thought there was an issue before, now every connected organisation is will be exposed than ever.

That’s why defence‑in‑depth has quietly shifted from “best practice” to absolute baseline.

If vulnerabilities are easier to find and faster to exploit:
- A single control will fail fast
- Patch only security is reactive by default (but still necessary)
- Resilience matters as much, maybe more than prevention

Assuming compromise is no longer pessimistic. It is perfectly realistic.
At the risk of sounding alarmist, this is kinda a big thing.

What does your technology roadmap look like? If you already have an MSP and want to pressure test whether your current approach actually holds up in this new reality, run through this assessment:

https://domain-yihagggm.scoreapp.com

20/04/2026

Unsure where your organisation sits with AI? Take our short AI readiness check to:
💠understand where you currently stand
💠receive a brief recommendation
💠explore next steps through an optional discovery call

Start here: https://lnkd.in/g9UuVNsu

This link will take you to a page that’s not on LinkedIn

03/02/2026

The surge in AI-related activities is causing a strain on the availability of components, which in turn is driving up prices for computing devices.

If you’re considering buying any tech gear, it’s smart to act now.

Prices are rising and might I say, disturbingly fast. A heads up is always better than a surprise….

(The irony that AI created this image did not fly under the radar)

28/01/2026

2026 is the year of AI-powered customer communication — and your team can get a head start.

Our partner is offering 2 months free + 500 AI Voice Agent minutes on annual plans (valid until Jan 31, 2026).

If your sales or support teams want clearer insights, faster workflows, and less admin, this is the moment to upgrade.
👉 Learn more: https://tinyurl.com/AircallOffer

28/01/2026

2026 Resolution: Stop juggling tools that don’t talk to each other.

brings voice, SMS, WhatsApp & your CRM into one connected workspace — and right now, you can get 2 months free + 500 AI Voice Agent minutes.

Perfect for teams looking to save time, improve performance, and streamline communication next year.
Offer ends January 31st, 2025. Details here 👉 https://tinyurl.com/AircallOffer