From Nation-States to Cybercriminals: Why Your Dentist Is Now a Prime Target
How the cybersecurity threat landscape shifted from government espionage to criminal enterprises targeting every small business
Ten years ago, cybersecurity was largely a game played by countries. Nation-states like China and Russia dominated headlines with sophisticated attacks on major corporations and government agencies. Today, that game has fundamentally changed, and the implications reach far beyond Fortune 500 boardrooms to every dentist's office, credit union, and small business across America.
Robert Johnston, General Manager at N-able and former Pentagon cyber operations specialist who investigated the 2016 DNC breach, has witnessed this transformation firsthand. His insights reveal a sobering reality: the barriers to entry for cybercrime have collapsed, making every small and medium-sized business (SMB) a viable target for increasingly sophisticated attacks.
The Great Democratization of Cybercrime
"It used to be dominated by countries, by intelligence services," Johnston explained during our interview at Black Hat 2025. "Now the threat landscape has expanded and the number of attackers has drastically increased. The game is now played by criminal organizations, activist organizations, curious college students—anybody and everybody."
This shift has profound implications for incident response teams, whom Johnston calls "digital beat cops." Where these teams once focused primarily on large corporations and government agencies, they now find themselves deployed to defend everyone from major enterprises to neighborhood dental practices.
The mathematics of modern cybercrime favor smaller targets. SMBs are 60% more likely to experience a cyberattack than large enterprises, not because they're more attractive, but because they're easier targets with fewer resources dedicated to cybersecurity. For ransomware operators, the calculation is simple: why spend months trying to breach Bank of America's heavily fortified systems when you can hit hundreds of smaller targets with minimal effort?
The MSP Multiplier Effect
The most concerning trend Johnston identifies is how cybercriminals are leveraging managed service providers (MSPs) to amplify their attacks. MSPs serve as a central nervous system for hundreds of small businesses, managing everything from IT infrastructure to security for clients who lack internal technical resources.
"By breaking into that single target, you can gain access to 500 separate organizations," Johnston noted. "If you take over their remote monitoring management capability, their screen connects capability, it gives you instantaneous single pane of glass access to 500 organizations all at once."
This architecture creates a perfect storm for cybercriminals. MSPs are designed for efficiency, using centralized tools to replicate activities across hundreds of client networks simultaneously. The same capabilities that allow an MSP to efficiently manage 500 dental offices also enable an attacker who compromises that MSP to deploy ransomware across all 500 organizations instantly.
The irony is stark: the technology designed to make small businesses more secure by outsourcing their IT management has also created the most lucrative targets for cybercriminals.
Cloud Email: The New Ground Zero
While the attack vectors have evolved, some fundamentals remain disturbingly consistent. Cloud email, whether Google, Microsoft, or other providers, has become what Johnston calls "by far the most dangerous place on the internet." Approximately 60% of successful attacks begin by compromising cloud email accounts.
The attack methodology is elegantly simple and devastatingly effective. Attackers send fake password reset emails that lead to convincing replicas of legitimate login pages. Once users enter their credentials, attackers immediately authenticate to the real service, bypassing even two-factor authentication through token stealing and replay techniques.
"The identity, the username and password, is now synonymous with the AK-47 of cybersecurity," Johnston explained. "That is the identity-based attack, by and large, the main vector."
This isn't a future threat: it's happening right now. Johnston noted that the DNC breach he investigated in 2016 began with exactly this type of password reset phishing attack, and the technique remains just as effective today.
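On the defensive side, replay of a stolen session token tends to surface in sign-in logs as one session identifier turning up from a new IP address and a new client shortly after the legitimate MFA sign-in. The sketch below is an added example, not something from Johnston or N-able; the log field names, the 30-minute window and the sample events are all constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample sign-in events, one JSON object per line. Field names are
# assumptions for this example, not any provider's log schema.
SAMPLE_LOG = """
{"ts":"2025-08-06T14:00:05Z","user":"frontdesk@example.test","session_id":"s-101","event":"mfa_signin","ip":"192.0.2.10","ua":"Chrome/138 Windows"}
{"ts":"2025-08-06T14:00:40Z","user":"frontdesk@example.test","session_id":"s-101","event":"token_use","ip":"192.0.2.10","ua":"Chrome/138 Windows"}
{"ts":"2025-08-06T14:01:12Z","user":"frontdesk@example.test","session_id":"s-101","event":"token_use","ip":"203.0.113.77","ua":"python-requests/2.32"}
{"ts":"2025-08-06T09:00:00Z","user":"billing@example.test","session_id":"s-202","event":"mfa_signin","ip":"198.51.100.4","ua":"Safari/18 macOS"}
{"ts":"2025-08-06T09:20:00Z","user":"billing@example.test","session_id":"s-202","event":"token_use","ip":"198.51.100.9","ua":"Safari/18 macOS"}
"""

REPLAY_WINDOW = timedelta(minutes=30)  # assumed tuning value


def parse_events(text):
    """Parse JSON lines into dicts with datetime timestamps, oldest first."""
    events = []
    for line in text.splitlines():
        if line.strip():
            event = json.loads(line)
            event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def find_session_replays(events, window=REPLAY_WINDOW):
    """Flag sessions reused from a new IP *and* new user agent soon after MFA."""
    origin, alerts = {}, []
    for e in events:
        sid = e["session_id"]
        if e["event"] == "mfa_signin":
            origin[sid] = e  # remember where the session was established
            continue
        first = origin.get(sid)
        if first is None:
            continue  # sign-in not in this log slice; cannot compare
        moved = e["ip"] != first["ip"] and e["ua"] != first["ua"]
        if moved and e["ts"] - first["ts"] <= window:
            alerts.append({"user": e["user"], "session_id": sid,
                           "origin_ip": first["ip"], "replay_ip": e["ip"],
                           "seconds_after_mfa": int((e["ts"] - first["ts"]).total_seconds())})
            del origin[sid]  # one alert per session
    return alerts


if __name__ == "__main__":
    for alert in find_session_replays(parse_events(SAMPLE_LOG)):
        print(alert)
```

Requiring both the IP and the user agent to change keeps a roaming laptop (session s-202 in the sample) from alerting; a real deployment would add ASN or geolocation context rather than rely on the user agent alone.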
The AI-Powered Future of Social Engineering
While traditional phishing continues to dominate, Johnston identifies emerging threats that could make current attacks look primitive. AI-powered voice and video synthesis technology is creating new possibilities for social engineering that traditional security awareness training hasn't begun to address.
"If I receive a phone call, and it sounds like Robert, that will be effective," he explained. "You can get a CEO's voice from an interview, from this interview, or a kid's voice from a TikTok video."
While these attacks aren't yet mainstream, AI is positioned to become the catalyst that makes voice-based social engineering as common as email phishing. The technology to extract someone's voice from publicly available videos and synthesize convincing audio is already accessible—it's just a matter of time before criminal organizations scale these techniques.
The Private Sector Defense Advantage
Interestingly, Johnston believes the private sector has actually outpaced government agencies in developing defensive capabilities. "The private sector has led the way on defensive research and defensive R&D," he noted. "We've come up with more innovative tactics when it comes to defense than the government."
This advantage stems from market dynamics. While governments focus primarily on offensive capabilities due to their unique mandate and legal authorities, private companies face immediate economic pressure to develop effective defenses. The result is a more innovative and rapidly evolving defensive ecosystem in commercial cybersecurity.
Security Becomes the Growth Engine
Perhaps the most telling indicator of how dramatically the threat landscape has shifted is what's driving revenue for MSPs today. Eight years ago, security was often an afterthought for small businesses, who assumed they were "too small to worry about." Today, security services represent the number one revenue and growth driver for MSPs across the industry.
"Eight years ago, SMBs weren't getting attacked, nation-states were going after the big guys," Johnston explained. "Today, SMBs are the number one segment getting attacked."
This shift is now driving conversations at dental conventions, credit union conferences, and industry gatherings across every sector. Security has moved from the IT department's concern to a board-level business imperative for organizations of every size.
Implications for Developers and Technical Teams
For development teams and technical professionals, Johnston's insights highlight several critical focus areas. Identity management has become the primary battleground, with cloud email serving as the most common entry point for attackers. VPN access represents the typical escalation path from initial compromise to network-wide deployment of ransomware.
The sophistication level of MSPs varies dramatically, from billion-dollar enterprises with their own security operations centers to smaller providers who must outsource all security functions. Understanding this landscape is crucial for developers building security tools and services that need to work across this spectrum.
The fundamental lesson is clear: in today's threat environment, every organization is a potential target, regardless of size or industry. The democratization of cybercrime has eliminated the luxury of assuming you're too small to matter. Security is no longer optional—it's a survival requirement in the digital age.