New York
Knicks
3-seed · Swept Cleveland 4-0
NBA Finals
2–1
Knicks lead
Game 4 tonight
San Antonio
Spurs
2-seed · Beat OKC in 7
Game 4 of the 2026 NBA Finals tips off tonight at Madison Square Garden. The Knicks — who swept Philadelphia and then swept Cleveland on their way to the Finals — lead 2-1. The Spurs won Game 3 on Monday to stay alive. The series is very much alive. And there's a cybersecurity lesson in exactly how it got to this point.
The Spurs had no business being here. They were the 2-seed who had to beat the #1 seed Oklahoma City Thunder in 7 games in the Western Conference Finals — coming back from 3-1 down, winning Games 5, 6, and 7 in succession. They absorbed losses, adjusted, found the gaps in OKC's defense, and won when it counted. OKC had the better record, the better stats, and the home court advantage for most of the series. None of it mattered when the Spurs found the one specific thing that worked.
That is exactly how modern attackers operate against small businesses. They don't need to win every attempt. They need to find the one gap that works — one reused credential, one unpatched service, one employee who answers the wrong phone call — and the series shifts entirely in their favor.
The Guardz 2026 State of MSP Threat Report found that 89% of small businesses have at least one compromised user at any given time. The Spurs were down 3-1 to OKC and found the gap. Attackers are running the same playbook against your business right now. The question isn't whether someone is looking for the gap. It's whether your defense closes it before they find it.
Four NBA Finals moments — and what they mean for your security
🏀 The Spurs came back from 3-1 down
→
Attackers don't quit after failed attempts
On the court
Down 3-1 to the #1 seed OKC Thunder, the Spurs made specific adjustments — changed their defensive scheme, shifted their offensive focus, and won three straight. Three games where OKC's margin for error shrank to zero and the Spurs found every crack.
In your network
Automated credential stuffing tools test thousands of credential pairs per hour, 24 hours a day. When one fails, the tool tries the next variant. The Guardz data shows 31% of SMB users have a compromised credential in any given month — attackers are running that credential against your systems continuously until something works.
🏀 The Knicks swept Cleveland 4-0
→
A clean scan result ends the series before it starts
On the court
The Cavaliers had no answer for the Knicks' defense. Every offensive system Cleveland ran was accounted for. A 4-0 sweep is what it looks like when the defense has no exploitable gap.
In your network
The Clean Scan post in this series described exactly this: no credentials in breach databases, DMARC at p=reject, no high-risk open ports, MFA enforced, clean access hygiene. The automated scanner finds nothing. It moves on. You never appear in anyone's breach report.
🏀 The Spurs won Game 3 by four points
→
One gap is all it takes
On the court
The Spurs won Game 3 — 115-111 — on the road at Madison Square Garden. They found one specific defensive adjustment the Knicks hadn't fully solved. That's all the Spurs needed to stay alive.
In your network
The M&S breach started with one phone call to one IT service desk employee. The McDonald's breach started with one default password. The Allianz breach started with one vendor's support team answering one vishing call. One gap. One game. Series alive.
🏀 Game 4 tonight — Knicks 54.1% to win
→
Probability only matters if you show up prepared
On the court
The Knicks are slight favourites at 54.1% — home court, momentum, Spurs on the road. But the Spurs won Game 3 on the road. Probability doesn't play defense. The team that executes its game plan in the moments that matter wins the game.
In your network
Most SMBs believe they're probably fine. Statistically, 89% of them have a compromised user right now. The 54.1% probability means nothing without the preparation. Security posture — not optimism — is what determines outcomes.
The coaching adjustments that change the series — and the security equivalent
The best coaching in a playoff series isn't what happens in Game 1. It's the adjustments between games — what a coach saw in the film, what they changed in practice, what they told the team to do differently in the moments that matter. The Spurs' coaching staff watched four games of OKC before they found the one thing that worked. Then they executed it three times in a row.
The security equivalent of great coaching is continuous monitoring — watching what's happening across your identity, email, endpoint, and cloud environment, identifying the patterns that look like pre-attack reconnaissance, and adjusting before the attacker finds the gap. The Guardz data shows most SMBs are playing without a coaching staff. The automated tools fire alerts that nobody reviews. The credential exposure sits in a breach database for 292 days before anyone checks. The service account with admin privileges has been there since the IT contractor left in 2023.
29 min
median attacker breakout time from initial access to lateral movement — CrowdStrike 2026
CrowdStrike Global Threat Report 2026
292 days
average time to detect a credential breach — IBM 2025. The Spurs had 48 hours between games to adjust.
IBM Cost of a Data Breach 2025
89%
of SMBs have at least one compromised user right now — playing Game 4 without knowing they're already down
Guardz State of MSP Threat Report 2026
The Spurs' path to the Finals required beating the #1 seed OKC in 7 games. They did it by being patient, absorbing setbacks, and waiting for specific exploitable moments. The threat actors behind the M&S breach, the Cushman & Wakefield breach, and the Allianz breach used the same approach — patient, methodical, willing to probe for months until they found the gap. The Knicks need to close every gap in Game 4. So do you.
What closing out a series looks like in cybersecurity
The Knicks don't need to play perfect basketball to win the Finals. They need to close the specific gaps the Spurs have been exploiting and execute their game plan consistently for four quarters. You don't need to be perfect. You need to close the right gaps.
The credential series in this blog has been a coaching film session for exactly that. Password reuse is a gap. Missing DMARC enforcement is a gap. MFA available but not enforced is a gap. An IT service desk that resets passwords without verification is a gap. Vendor OAuth connections that haven't been audited in two years are a gap. You don't need enterprise-level security to close them. You need to know they're open — and close them before Game 4 tips off.
The Veriti Spottr CyberScore is your coaching film. It shows you the gaps in your defense — from the outside, the way an attacker's automated scanner would see them — and tells you which ones to close first. The Knicks know exactly what adjustments the Spurs made in Game 3. Do you know what gaps are currently open in your business? If Game 4 tips off tonight and your credential exposure, DMARC status, and access hygiene haven't been reviewed — you're playing without the film.
Go Knicks. And check your DMARC record.
Comments
Post a Comment