The digital landscape of 2025 has made data breaches a daily threat. While most businesses focus on technical safeguards, the weakest link often lies in human behavior. Kenneth Dick’s professional journey through finance, banking and travel industries has given him unique insights into one of today’s most pressing business challenges – data security. As a technology advisory partner at Polaris1, Kenneth has encountered numerous security breaches that have shaped his understanding of how businesses should protect their sensitive information.
When Trust Becomes a Weapon
Recently, Kenneth shared a particularly alarming incident from his consulting work with a hotel company. “The hacking company worked to establish trust with the engineering team and got them to believe that they had a new data storage location that looked absolutely legitimate,” Kenneth explains. The hackers managed to redirect backup data to a fake location, steadily siphoning information for weeks before the security team noticed suspicious traffic patterns. The breach impacted millions of people’s records.
But it’s not just large-scale attacks that pose a threat. Kenneth describes how social engineering has become increasingly sophisticated. In one case, attackers spent a month and a half sending individual messages to convince an employee they were communicating with the finance team. “They slow played it and then they finally had a Friday afternoon – ‘my gosh, we’re late on a payment, we’re going to get fined. Can you quickly change this for me?'” The result? A significant amount of money was transferred to fraudulent accounts, with the theft only discovered during Monday morning’s accounting review. 
Artificial Intelligence – Making Scams Scalable
The rise of artificial intelligence has added a new dimension to security threats. Kenneth points out that AI has dramatically lowered the barrier for large-scale scam operations. “What used to be too much effort now is no effort to contact a million people individually with a personalized story,” he says. “It’s just an AI agent bot linking to your Facebook posts and linking to the information that was exposed in a Marriott breach or an Equifax breach.”
These AI-powered attacks can mine data from previous breaches, social media, and other public sources to create convincing, personalized approaches. “They just do that little connection and then they know your phone number and they just text you, or they email you,” Kenneth explains. “That agent follows that trail and they have a month-long process.”
Highlighting the Importance of Training
Kenneth emphasizes that technical security measures, while important, aren’t enough anymore. “It’s not the technical security measures that are really keeping significant problems from happening anymore because everybody’s rolled out the technical security measures,” he states. The real vulnerability lies with employees who have access to sensitive information – accounts payable teams, product management teams, and others who become targets for social engineering attacks.
Many businesses make the mistake of implementing inadequate training programs. Kenneth notes that some companies use basic vendors that “check the box” but don’t provide meaningful education. “If the test is the type that gives you the right answer when you give it the wrong answer and then lets you retake the test, nobody’s watching at all,” he explains.
Another critical error is the timing of security training. Many companies conduct annual training in October or November, leaving employees vulnerable during summer months when their guard might be down. Kenneth recommends implementing training at least twice a year, with additional testing through “white hack” attempts – sending fake phishing emails to employees to identify who needs additional training.
Small Businesses Facing Increased Threats
Small businesses often believe they’re too insignificant to be targeted. However, Kenneth warns that AI has changed this dynamic. “Now in the age of AI, you’ve got the marketing lists that give you the list of every company in a zip code, and their industry and then their domain,” he explains. This makes it easier for attackers to target multiple small businesses systematically.
Kenneth’s key message is clear – every business needs to regularly evaluate its security stance. “If a company has not evaluated their security posture in the last year, that’s the red flag,” he states. The good news? Getting started doesn’t have to be expensive. “It could only cost 150 bucks for a quick training manual and to talk it through, or a thousand bucks for a better firewall,” Kenneth notes. “But that could prevent a huge problem.” For businesses looking to enhance their security training, Kenneth recommends LinkedIn Learning’s security courses and notes the effectiveness of training programs from Clearwater, Florida-based security firms. The investment in proper training and security measures is minimal compared to the potential cost of a breach.
To learn more about protecting your business through effective security training, visit Kenneth Dick’s LinkedIn profile.
