Home > Podcasts > The Digital Roast Epi 9: AI & Cyber Threats: Why SMBs Are Prime Targets in 2025

AI & Cyber Threats: Why SMBs Are Prime Targets in 2025

Welcome to the 3rd Season of The Digital Roast Podcast, Cybersecurity may not be the flashiest topic, but this episode proves it’s one of the most important — and empowering — conversations for any business. Brendon and Stephen break it down with simplicity, clarity, and a healthy dose of reality.

Watch the latest episode on YouTube: 

or listen on Spotify: 

Introduction

October is Cyber Security Awareness Month — and we’re diving in headfirst.

Across New Zealand, businesses — especially throughout the South Island — are facing an increasing wave of cyber threats. As attacks grow more sophisticated with the rise of AI, it’s no longer a matter of if, but when.

That’s why The Digital Roast Podcast is kicking off its new season with a focused conversation on cyber security for business — cutting through complexity with practical, easy-to-understand insights.

In this episode, Focus CEO Brendon McDermott sits down with Cybersecurity Specialist Stephen Wilcox to unpack the real threats facing Kiwi SMBs, the dangers of outdated tools, and what it takes to build true cyber resilience in today’s AI-powered threat landscape.

Common Threats Facing NZ SMBs

In this episode, Stephen walks us through the most pressing dangers:

  • AI-generated phishing emails that are nearly impossible to spot
  • Social engineering and MFA fatigue attacks targeting people — the weakest link
  • Deepfakes, zero-day exploits, and fileless malware

These aren’t theoretical risks — they’re happening here in New Zealand, across industries and company sizes.

Why Cyber Awareness Needs a Mindset Shift

Stephen makes it clear: cybersecurity isn’t just for enterprise. Every business with a digital footprint is a potential target. Yet many SMBs still carry a false sense of security, believing they’re too small to be noticed.

This episode outlines why:

  • Governance and policies matter, even in small teams
  • Training and audits must be continuous, not one-off
  • Supply chain vulnerabilities can create backdoor access

Simple Steps for Stronger Security 

The good news? Becoming more secure doesn’t require breaking the bank. Stephen offers actionable advice for every business, including:

  • Implementing MFA across all platforms
  • Creating longer, passphrase-style passwords
  • Keeping software and systems updated
  • Backing up offsite or in the cloud
  • Having an incident response plan before you need one

AI: A Double-Edged Sword

AI isn’t just the attacker’s weapon — it’s also a defender’s tool. Stephen shares how modern tools, including Endpoint Detection & Response (EDR), can help detect and stop attacks in real time.

Why Focus Starts with a Cyber Assessment

You can’t protect what you don’t know. That’s why Stephen recommends a Cyber Assessment as the first step to:

  • Identify weak points
  • Benchmark against global standards
  • Create a practical roadmap for improving resilience

Key Takeaways

  • Cyber threats are no longer just an enterprise issue — every business, no matter the size, is a potential target.
  • AI is changing the game — both for attackers (via deepfakes, phishing, social engineering) and defenders (with intelligent detection and automation).
  • Reactive is out, proactive is in — organisations must shift from basic antivirus to layered protection, including EDR, regular patching, and user education.
  • Phishing remains the #1 threat vector — awareness and good email hygiene are your first line of defense.
  • Passwords matter — longer is stronger. Use passphrases and enable Multi-Factor Authentication (MFA).
  • Backups are your safety net — ensure you have offsite or cloud backups and validate them regularly.
  • Supply chain vulnerabilities are real — your vendors’ weaknesses can become your risks.
  • Cyber governance isn’t just for large enterprises — having clear roles, response plans, and acceptable use policies is critical.
  • Assessment is the first step — you can’t protect what you don’t know. A cyber assessment can help identify blind spots.
  • Security doesn’t need to break the bank — many effective tools and best practices are accessible for SMBs.

References:

Cyber Security – Focus Technology

Setting up MFA 

Welcome to the National Cyber Security Centre

Own Your Online – Own Your Online

Needing help on your business’ cyber needs?

Get in touch with us — we provide Cyber Security training, assessment and products to help any businesses across Invercargill, Gore, Dunedin, Timaru, Christchurch, Queenstown, and Wanaka.