Deny by Default

How One Click Cost a Business $187,000

One employee. One email. One click. $187,000 gone. It started with an email that looked exactly like it came from the CEO. A routine wire transfer request, sent at the right time, to the right person, with the right tone. The employee didn't think twice. Within hours, $187,000 had been wired to an overseas account — and it was never coming back. In this episode, we break down a real-world business email compromise (BEC) attack step by step. We look at how the attacker gathered intel, crafted the perfect message, and exploited trust and urgency to bypass every security tool in place. We also cover the warning signs that were missed, why traditional email filters didn't catch it, and the critical controls — like multi-person authorization for wire transfers, out-of-band verification, and employee awareness training — that could have stopped this attack cold. If your business moves money by email, this episode is required listening.

To Small to Hack? That's Cute!

In this episode of Deny by Default, host Scott Gombar breaks down one of the most dangerous myths in cybersecurity: that small businesses are too insignificant to be targeted. The reality is the opposite. Attackers do not go after size, they go after opportunity. Using a real-world ransomware attack on a small city as a backdrop, Scott explains how modern cyber threats rely on automation, weak controls, and human trust, not Hollywood-style hacking. From business email compromise to shared passwords and lack of multi-factor authentication, this episode highlights how everyday gaps create easy entry points for attackers. You will learn why small and mid-sized businesses are prime targets, how attacks actually happen, and what security leaders see that most organizations miss. Most importantly, this episode provides practical, actionable steps you can take immediately to reduce risk without needing an enterprise budget. If you think your business is too small to be hacked, this episode will change your perspective and your security posture.

Click, Fail, Repeat

Security Awareness Training and phishing simulations are some of the most debated controls in modern cybersecurity programs. Some CISOs argue they don't work, claiming users will always click and that organizations should rely entirely on technology to stop attacks. Others believe the human element remains one of the most critical layers of defense. In this episode of Deny by Default, Scott Gombar explores the controversy around Security Awareness Training (SAT) and phishing simulations. Are they just compliance checkboxes, or do they still play an essential role in protecting organizations from modern cyber threats? Scott breaks down why attackers continue to target people through phishing, social engineering, and business email compromise—and why ignoring the human layer of security may actually increase risk.

AI is Supercharging Cybercrime

Artificial Intelligence is transforming nearly every industry — and cybercrime is no exception. In the first episode of Deny by Default, host Scott Gombar explores how attackers are rapidly adopting AI to accelerate and scale their operations. From AI-generated phishing campaigns and deepfake social engineering to automated vulnerability discovery and malware development, threat actors now have tools that dramatically increase both the speed and sophistication of attacks. Scott breaks down how AI is reshaping the threat landscape, why traditional perimeter-based security models are struggling to keep up, and what security leaders should be doing today to stay ahead.