Transcript of Why 33 Million Small Businesses Are Easy Targets for Hackers | Ep 268 with Ken Boyce Founder of CyberGlobal USA

Today's episode is sponsored by Pipedrive, the number one CRM tool for small to medium businesses. I am excited to share more about them later in the episode.

These are criminals. These are bad, bad people.

That cyber security is going to hit a $500 billion industry by 2030, which is insane.

If you go back 10 years ago, cyber criminals were only hitting big companies because it cost them a lot of money to hit these companies. They get paid a million, two million. You hear them, $5 million ransomware and all that. 60% of the businesses lose their business after a major cyber attack. So they would never target small, medium-sized businesses because it wasn't cost-effective. The thing that's changed the game completely is AI.

Once you start looking at it, you're like, wow, the world is collapsing.

They have a business, they have expenses, they have everything that we have in every legitimate business. They have the same car. I hate to say it to you, but cyber criminals are business people. And if you want to get your company back, you better pay it.

So, Ken, I got to say, cyber security is something I am very interested, and I find myself going down the rabbit hole, by the way, with AI and everything happening. I'm like, once you start looking at it, you're like, wow, the world is collapsing. That's how I feel. I feel like If I was in your shoes and I was hearing and seeing what was going on, it's like ignorance is bliss for me. I almost would rather not know, but I'm sure we have to talk about it today. I want to first start with something that you've told me was that cybersecurity is going to hit a $500 billion industry by 2030, which is insane. However, over 33 million small businesses are completely unprotected.

Yeah, Daniel, it is scary, to be honest, but you don't want to go around being fearful all your life. You get car insurance, you hope you don't get in a car wreck, right? So that's why you have it. I think cybersecurity is definitely a big transition happening, especially in the last three to four years. If you go back 10 years ago, cyber criminals were only hitting big companies because it cost them a lot of money to hit these companies, and they get big payouts. They get paid a million, two million, you hear them, $5 million ransomware and all that. So they would never target small and medium-sized businesses because it wasn't cost-effective. I hate to say it to you, but cyber criminals are business people. They have a business, they have expenses, they have everything that we have in every legitimate business. They have the same costs. The thing that's changed the game completely is AI. And AI, they're using They're doing tools now that I like to compare to fishing with a single pole. Everybody goes fishing out, cast, you're trying to catch one fish at a time. That's what they were doing before.

And big fish, They're fishing for the whales. Not anymore. What they're doing with AI now, they can use nets. They can cast out where their costs go way down, way, way down to go and start to target small. When I say small, a company See, with 5, 10 employees, that's maybe really small. But to over 20 employees, a company that does two, three, four million dollars on a low end and everything up, they can hit up these companies now and shut down their assembly line or hold their data or blackmail them. Literally, it's what it is. It's blackmail. They call it ransomware, blackmail. You want to call it that. But they might hit them up for 25, 30, 40, $50,000. And if you If you want to get your company back, you better pay it. So that never happened before. And now with AI, the advent of AI, which can be used, we use it for a positive. We use it to be far more cost-effective. We use it to be a lot more efficient when it comes to the services we have. But unfortunately, the cyber criminals are using it for the bad side of it, and it's just a fact of life.

So you can put your head in the sand and ignore it like you just said. Maybe I don't get hit, okay? Well, I like to compare it to real life everybody else can understand is, well, maybe you don't get in a car accident. A good chance you might not. But when you do, you're going to lose a lot of money. And 60 % of businesses lose their business after a cyber attack. Small businesses. It's numbers I don't make up. 60 % of the businesses lose their business after a major cyber attack. It's just a fact of what's going on.

I've spoken to hundreds of entrepreneurs, and one of the biggest pain points they share is generating consistent quality leads. Most founders spend hours chasing down prospects, juggling outreach, and still end up with missed opportunities. That's why I recommend today's sponsor, Pipedrive, the number one CRM tool for small to medium businesses. Top sales teams are using Pipedrive to close an average of three times more leads per month. My favorite part, Pipedrive takes messy sales process, turns into a visual pipeline so you can see exactly where every deal stands and what you need to do next. Here's the feature I love, Lead Booster with Chatbot. It lets you capture new leads directly from your website 24/7. Imagine waking up and already having conversations with prospects in your pipeline without lifting a finger. For me, that's like adding an extra sales rep that never sleeps. It's a powerful, simple CRM built by salespeople for salespeople. Over 100,000 companies are already using Pipedrive. Right now, when you use my link, you'll get a 30-day free trial, no credit card needed. Just head to pipedrive. Com/founders to get started. That's pipedrive. Com/founders. And you could be up and running in minutes.

Can you... Yeah, I want to dig in more to that. Sure. It actually happened to me before where my landlord for my commercial rent was hacked, and we were... His email was hacked and told told us to send money to his new account, so money was sent for a year before he even realized that he was hacked. Now he couldn't get the money back from however many people that was doing the same thing. Like you said, that was something very small. But if 60% of people, or 60% of small businesses, they won't survive in the end if they have a cybersecurity attack, why are they left so vulnerable? And who's to blame for Well, I think it's...

Things have moved so rapidly is that cybersecurity expenses in the past have been, or offering services have been very expensive. So that's why a lot of our competitors, a lot of other cybersecurity companies, they focus on the fortune 1,000, by Fortune 500, whatever, the big companies, right? Because they have bigger budgets. They can afford these type of services and all that. And small businesses can't afford to those type of services. You have to be far more efficient. As I like to say, you have to be a little bit protective, okay? You don't just have a house and you don't have a lock on it. Some people have a full 24/7 monitoring of their house and security systems and cameras that are everywhere. At least have a lock on your door at the minimum. So it's all in between. So it's a matter of being able to have a budget so that these small, medium-sized businesses can be able to afford these type of services. We We are in the position to be able to do that. We've worked in the enterprise world for the last eight years. It's very competitive, really competitive. Big numbers, big deals, okay, when it comes to our business.

But that's no. I'd rather deal with 33 million companies, as you said, and I'd rather be a whale swimming in an ocean where there's salmon and drought than trying to beat up against whales anymore. So that's where the market has really gone for us. We've identified that, we've focused it. That's we're franchising and developing a partnership model because we know that small and medium-sized businesses are getting hit every day with us. And it's where the market's going. But the nice part is with AI is we're using it for a positive. We developed our own internal AI engine that helps us do things far more efficiently so we can pass on more cost companies. It's just not about money. We have a mission of protecting companies. These are criminals. These are bad bad, bad people. And the more we can help companies to protect against them, the better.

This reminds me of back in the '90s, when I was really big into computer programming, it was like they were taking hackers to hack against hackers. I don't know if you remember that, but that was the big thing. Even the movie Hackers. It was like... Yeah, hack. I forget. They have a word for it now. It's like ethical hacking or something like that.

That's exactly what it is. We We do ethical hacking. Ethical hacking is asking the permission of the company to be hacked. So we are hackers, but we don't do it from a nefarious standpoint. We do it from the ethical standpoint. That's exactly right. Makes sense.

You find vulnerabilities. You need to see where the vulnerabilities lie. So that's the fascinating thing about AI now. I almost feel like AI has become that. Like you're saying, AI can be used to hack, but it can also be used to fight against hack. Do you see something in the future where there's like agentic AI or AI agents almost like battling against each other? I mean, with the rapid speed of AI, how do you even keep up with... Because I imagine these people are spending all of their time and focus on how they can make things better for their end. So how do you also stay up to speed to fight against that?

No. Experience Experience, experience, experience, period, is understanding how they're thinking, what they're doing, and counteract it. Very simple is we keep ahead of that curve, is we have the engineers and the technicians internally that are learning Oh, did you hear about this cyber person doing this attack now? And here's how they did it, and here's how they got in. Okay, now we know, we can prevent it. So it's all about that experience, knowledge, and expertise with a cybersecurity company that you got to make sure that they understand how things change on a daily basis, not to be an over dramatic, maybe on a weekly or monthly basis. But definitely our business accelerates faster. I don't know if I jump on all the hype of AI is going to take over all the jobs. If you type in, actually, what's funny, you type in AI, will AI eliminate cybersecurity services? And AI spits back to you, ChatGPT, no, not at all. In fact, cybersecurity services are going to continue to increase. And what does AI say? This is funny. This is AI commenting on itself, is that cyber criminals are going to use AI to be far smarter and far more efficient.

But what AI does say is that cyber security companies that don't use AI and keep with a manual standpoint are going to lose efficiencies and become less competitive. So for us to stay ahead of our Our competition is that we invest much more into. We have our own, I might have said it before, but we have our own engine. We don't use ChatGPT or Gronk or any of these generic ones. We've created our own based on the knowledge we've learned from those cyber attacks to be able to program it, to basically go and analyze companies to be able to do it. That's a big difference from our company compared to, say, some other cybersecurity companies, too.

Let's walk through if something something happens to one of these small businesses. So something happens, I don't know, with data breach, whatever it is, and this person, this hacker, or whatever you want to call them, they say, You have to give us one Bitcoin, otherwise, we're going to do something really bad, then what?

Unfortunately, if you're doing what's called incident response... Now, by the way, let me back up, Daniel. I am not a techie, okay? I've been in franchising and business development for 30 years. So when it comes to technical questions, there's technical people out there, I'm going to make the best of it, okay? That's why we have our technical staff. But at the end of the day, is really what you're talking about is an incident response is after the fact. After the fact is very bad because now it's damage control. Is okay, what are they stealing? Are they shutting down a line? Are they possibly stealing data, holding us at ransom because they're going to expose What's the damage to the company? So that's an instant response. What's damages to us? Do we pay this ransomware? From our experience, cyber criminals already know that formula. They're not going to come in and you're a company that has $50,000 in the bank and ask you for a million because they know the answer is going to be, Sorry, dude, do what you want. I don't have it. That thing. So it's all about that valuation period and coming in and doing that.

But if you're responding to a cyber attack after the fact, I can guarantee you one thing, it's not going to be good. You're on mute there, Daniel. Sorry. Yeah, no worries.

So it sounds like this is more of a proactive approach because the reactive approach is very, very hard, which it makes a lot of sense because you're at the whim of what this person, company, people want to do in the end. So what can these small businesses do? Because I don't think they fully understand what they're even supposed to be doing, what they can be doing to be proactive.

Well, the first thing we do with a company is we give them what we call a cyber security health checkup. And that's just an evaluation of... And I'll compare it to a house so people can relate. Is it come in here and you go, your windows All the locks are broken on your windows. And hey, by the way, your back patio deck sliders, it's not working properly. You can jack that open easy. And then say, here's all the vulnerabilities that you have in your house. Well, you need to fix them. Now, we identify that, then we can help fix them. But then let's put a system in around that that prevents people from coming in at every other endpoint or at an entry point. We call it at your house, it's your entry point. We call it in the business, the endpoint is where they're coming in. So how do we prevent them? Now, you cannot 100 % prevent hackers from hacking in. There's no foolproof system. It's just like any other bank. There's no foolproof system to anything. What you want to do is you want to stop them quick enough to prevent the damage, the least amount of damage as possible.

So there's a thing called Security Operations Center, which 24/7 monitoring, which is just like a house. It's like an alarm system for your house. When somebody breaks in, where are they? How do we catch them? And who do we alert? Is it a high priority that you alert the CISO of a company? Or is it a real low priority? It's just, Hey, you want to check this in the morning? Clean it up, That type of thing. So there's different levels and all that. That's where... Cyber security, to me, is really simple. It's a game of cops and robbers. And they're trying to break in and steal our stuff, and we're trying to prevent them from stealing your stuff. So it's just technology. Unfortunately, people can do it from anywhere on the planet, and they can be in your backyard tomorrow in your company. It doesn't matter where it is. And as long as they can get in. But like I said, if you've got the right security in front of you, then you're going to be at least... You don't want to be waking up and losing your business tomorrow because you didn't spend X amount to protect it, if that makes sense.

Yeah. I was talking to a who's a corporate accountant for a large company, and they had to go through a training around that the CFO of the company will never call you to ask you to transfer, do anything when it comes to money. Because people, they had already gotten a deep fake hacker that deep fake the CFO's voice and contacted, and they almost, I guess, sent money to somebody. So it's crazy. How technology Daniel. Yes.

We've had the same thing happen to us. Hackers, they want to hack a cyber security firm. Isn't that sexy? We hacked into cyber global. No, you didn't. We caught you. But what you put on your point is, let's say you're BMW, big company, but let's say all these small companies sell all these parts to BMW. Then suddenly, BMW gets an email from your company, and you're a $5 million company, you're selling parts to them. But they get an email thinking it's you, and it says, Hey, by the way, just want to update our accounting information. We've changed bank accounts. This is our new bank account. So when you make your payment this month, make it to this account. And then three months later, you call BMW and go, What's going on? You haven't paid us in 90 days. And they go, Oh, yes, we have. That's gone. Goodbye. That money is gone. You're not going to see it because they packed in, access the account, to their account, which is definitely offshore somewhere where you're never going to find it. This happens every day. Now, do companies want to Talk about that in the public?

What do you think? Just a silent crime. They don't want to talk about it because it hurts their reputation. Nobody wants to talk about that, right? But anyway, we deal all day long. That's why I'm in the business. I'm a 30-year franchise guy. You told me a year ago I'd be in the cybersecurity industry. I would have lost a bet to you. I can guarantee you that I never thought I'd be here. It's just the opportunity that exists here for us and be able to grow this company is phenomenal. I could say- We don't want to benefit on other people's misery, but it's just reality.

I think it's a great mission. You're saying people are going to do bad things no matter what. They're going to do bad things. So the best thing you can do, though, is try to fight those people doing bad things to at least give these companies a chance. Because you said it before, most people are only focused on helping those large corporations. They're not focused on helping the ones that are getting destroyed when it happens. You're saying these larger corporations, yes, I'm sure it impacts them negatively, but it doesn't normally destroy their company. This can literally destroy the majority of these companies will get destroyed overnight. So why Like you said, you've been in the franchising industry for a long time. Now you're doing this. Where do you see the most passionate individuals getting involved or the most passionate people about this that are going to say, You know what? I think this is a great franchise to be a part of?

I like to quote our business model, the State Farm Insurance, if that makes any sense, is when you have a state firm insurance agent, they're Our daily role is to find clients and get clients and serve as clients, right? Get clients, serve as clients. State Farm does everything else, right? That's the same with us, is we do all the cybersecurity work. We do all the meeting with clients, with our franchisees. Our franchisees are people people. They're people that might have a sales and marketing background, preferably. You don't have to, but you're a people person. You're exchanging, getting in front of people, talking with people doing this, identifying those needs. That's the way I get into this business, because you didn't have to have... One is, we don't have time today to talk about this is my unicorn business, but low investment, no real estate, no build-out, no employees unless you want to hire a salesperson, no trucks. When you go down and look at a business, it's very, very appealing to want to be part of. You have a home office. You can't have an office, you can't have an Don't get me wrong, some of our franchisees do with salespeople and all that.

But it's a service-based business. So it's easier to enter if you're a potential candidate to be a franchisee. People think, Oh, do I need to know cyber security? I'm like, No. In fact, no offense to the people that are really technical and all that. But a lot of those people don't like to do sales, don't like to be in front of the customer, don't like to do that on a daily basis, right? Well, this is the worst opportunity for them. They might be the best cyber security technician in the world. Okay, we'll apply for a job. Maybe we'll hire you, right? But to be a franchise owner, probably not a good fit. So that's why I get involved with this, because I've always been about building an infrastructure and build a network and build basically an infrastructure of going to get new clients. And that's what we're doing is we're building through partnerships. We're building through our franchises. Yes, we'll reach out directly to clients, but we're building an infrastructure where we have companies that partner with us, just like accountants, and refer clients to us. And so we have a trust level because, Danny, I know we jump around a little bit here, but one of the biggest things of a cyber security is trust.

It's like, who do you trust this company? This is your company, right? This looks almost like one of your daughters or your sons or your wife. It's that much, right? It's who do you trust with them and all that. So that's a big part of where we go. And when you work with partnerships, you work with people that give you referrals and trust you. So you work with them, and then they refer you to people. Instead of us going around and try to knock, I use that analogy before with fishing with a single hook. That's the thing I've learned in my business career in 30 years, that's the biggest thing I've ever learned is I rather fish with a net than a hook. Is that I can just get in front of more people and be able to develop things like that. So that's the way we're building our business is through partnerships, through a network, through franchises. It's no better than having somebody in Boston, let's say, in Atlanta, in Houston, who are franchisees. We have 14 across the country now, but no better to have somebody there that has invested their own money, their own time.

They're in. Like I say, they're in. They're not looking over their shoulder every two weeks for a new job, and they're going to jump ship and go to another company. Is their vested interest there? And that's why the franchise model and why it stuck with it for 30 years works so well in building that distribution channel. So we'll have 50 franchises across the country. We'll have all kinds of partnerships. We'll have distribution channel so that we can go and reach that end customer with a lot less acquisition cost and a whole lot more efficiency and more that trust in building.

Well, Ken, I think not only about this topic here, but I think I also learned about just leveraging franchising in a different way, because I don't think a lot of people talk about, Oh, I'm going to be a franchisor. I'm going to franchise my business, and this is how it's going to be. I used to work in this area for a few years as a consultant, so I've seen different models, but I like this model, not just from your model as cyber global, but if somebody wants to also franchise their business, it makes a lot of sense as a way to really create this this network effect without, obviously, we know some of the highest costs come from customer acquisition, but you really get, it's almost like having hyper-focused ambassadors of your brand, of your product, but they're winning. They're winning as well.

Well, I'll have some fun with you right now is I think that I'm on Teams and I have a Mac, and I think that Mac and Teams had fun with each other, the engineers, because you saw probably a couple of thumbs up go up in our presentation today or in our podcast. I'm hitting thumbs up. I don't know why they go up. But anyway, I saw it a couple of times and I saw you look and go, thumbs up. I go, I didn't do it on purpose, but Just to give you a thumbs up on what you're talking about, 100 %.

I saw that, too. I was trying to figure out that it's something new on my end. Technology, like I said, it really moves every two seconds. There's something new. But Ken, this has been great. If people want to get in touch with you, they want to find out more about CyberGlobal, they want to follow along, how can they do so?

Yeah, go to our website, cybergl. Com. My website or my email is ken. Voice@cybergl. Com. Just Google us. You'll see it there. Reach out to us if you want to... We have the WeFunder campaign that actually launched today, October 6, where people can invest in our company now. Two is we're still expanding across the country. We have 14 franchisees now. We still have 36 franchisees to go, if you want to call it, before we have the whole country covered, which we hope to have that done by the end of the year. So lots of opportunities. We'd like to deal with people that want to jump into something that could be new. This is not a new industry. It's been around for a long time. It's just transitioning very rapidly. It's transitioning with there is lots of opportunity that's available out there. We're going this way instead of where there's a lot of industries, unfortunately, that are going the other way.

Well, it's a potential $500 billion industry by 2030, which is actually coming up. It's only about four years away. Sadly, this year is almost over. But, Ken, this has been great. A lot of stuff happening at CyberGlobal. And thank you for sharing all your insights today. I learned a lot, and I appreciate. I always like to talk to great people where I can learn and I can take away something from the conversation. But thank you for joining us on Founder Story.

Thank you, Daniel. And just a last thought is, we're on a mission to protect small and medium-sized businesses. That's why we get up every day. And that's what our mission is, is to make sure they're safe from these cyber criminals.