Caught in the Net
It’s not personal. But the damage is.
Most people don’t think they’re a target. Most companies think they’ve done enough. Until a breach proves them wrong. I write Stan’s Corner to nudge people out of denial—before a cyberattack does it for them.
Why Us?
"We're a small consulting company," she said. "Eight of us. Working with nonprofits. Mission building. Grant development. We don’t have a lot of money. And after this ... I don’t know if we can keep the doors open."
Kathleen had started Vision2Reality eight years ago to help nonprofits realize theirs. Two days earlier, ransomware had brought her company to a halt. Their Microsoft 365 accounts were locked. Files on OneDrive vanished. Email went dark. Client credit card and bank data may have been stolen.
“Why would anyone come after us?” she asked again, as if saying it louder might make it go away.
Not Targeted. Just Caught.
It reminded me of a factory Rita and I toured in Porto, Portugal—a century-old sardine cannery called Conservas Pinhais. Rows of workers in white coats and blue gloves packed fish with mechanical precision. Stainless-steel tables. Concrete floors. Crates everywhere.
The factory processes 40,000 sardines a day.
Not one of those fish was specially targeted. The fishermen didn’t care. They just cast their nets and hauled in whatever swam through.
That’s how most cyber criminals work.
That’s what happened to Kathleen.
The Moby Dick Myth
Yes, some hackers go after Moby Dick—high-value targets with big payoffs. Those attacks are rare. Surgical. Personal.
But most aren’t hunting whales.
They're phishing. They’re running scripts. Checking for weak passwords. Scanning for open ports. Casting wide digital nets to see who gets caught.
Vision2Reality wasn’t targeted because they were a consulting firm.
They weren’t targeted at all.
They were just online. And unprotected.
Sardines of the Internet
I pulled up a photo from our trip. Crates stacked high with sardines—indistinguishable, interchangeable, caught without a second thought.
"Kathleen," I said, “This is how it works.”
“Some cyber criminals go after Moby Dick. But most? They’re like the fisherman who caught these sardines. They throw out their nets. You weren’t special. You were just swimming by.”
And that’s why what happened to Vision2Reality can happen to anyone.
Just like the sardines.
If this story motivates you to want to do better, please reach out. I’m the founder / president of SecureTheVillage, a nonprofit making a difference. We work with smaller businesses, nonprofits, and the MSPs who serve them. Email me now to protect your assets and minimize the impact of inevitable disruption. StanStahl@Substack.com.