Cybersecurity in 2023: How SMBs Can Stay Ahead of New Threats

By Jason Stein, VP of Cybersecurity, Telarus

Hello, friends, and welcome to my first blog of 2023! I look forward to connecting more with you this way and hope that the insights I share in my blogs provide value to your business as you navigate the new frontier of cybersecurity with your customers.

As a cloud, security, and telecommunications leader and trainer who has worked with companies of every industry to succeed in this constantly changing space, I am pretty passionate about what’s going on in cybersecurity these days. In my mind (ok, so I’m a little biased), it’s a critical area of tech your customers should invest in to protect their businesses and people.

If it’s anything this past year has taught us in the cybersecurity world, it’s that cybercriminals and security breaches can happen to any company. Last fall, the Los Angeles Unified School District – the second largest district in the nation – was the 29th district to suffer ransomware attacks. And remember the 18-year-old behind the September 2022 Uber breach? Regardless of their size, businesses can’t afford to not invest in cybersecurity measures these days.

As a technology advisor, you have a very exciting opportunity to become a valued and trusted business partner for your customers, helping them navigate the complexities of cybersecurity and ensuring they invest in the right resources to keep pace with new, costly threats.

How to build a framework for addressing cybersecurity

The cybersecurity universe is vast: It entails the protection of internet-connected systems such as hardware, software, and data from cyberthreats (of which there are many – I highlight the biggies for 2023 in the next section). As organizations transmit sensitive data across networks and to other devices while doing business, cybersecurity is the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber attacks grow, companies tasked with safeguarding information relating to national security, health, or financial records must take steps to protect their sensitive business and personnel information.

NIST (National Institute of Standards and Technology) is the most popular framework adopted by clients in the U.S. It includes five steps to addressing cybersecurity risks that your customers should be considering in their security plans:

– Identify – Includes assessing cybersecurity risk to systems, people, assets, data, and capabilities. Do your customers understand what their vulnerabilities are? Where are all of their physical and software assets located? Have they put policies and procedures in place?

– Protect – Outlines appropriate safeguards to ensure delivery of critical infrastructure services and the ability to limit the impact of a potential cybersecurity event. Includes staff training, identity management (physical and remote), maintenance activities, and data security (encryption).

– Detect – Defines the activities for timely discovery of a cybersecurity event. Includes the appropriate processes and resources to detect anomalies and ensure continuous monitoring.

– Respond – Includes the activities required to take action and contain a detected cybersecurity incident, such as a communications plan for internal and external stakeholders and a regularly tested incident response plan.

– Recover – Supports timely recovery of impaired services or capabilities back to normal operations to reduce the impact from a cybersecurity incident. Includes recovery planning processes and procedures to restore systems/assets, root cause analysis and implementing improvements, and post-recovery internal and external communications.

SMBs are not immune: 3 cybersecurity trends to keep top-of-mind

The most challenging part about cybersecurity is the ever-evolving nature of the threats themselves. Here’s what your customers should be prepared to address this year, at minimum:

1. Malware and Phishing Attacks (Post-pandemic edition)

In the first half of 2022, there were 2.8 billion malware attacks worldwide and over 236 million ransomware attacks. The final 2022 tally for phishing attacks is expected to reach six billion. With the transition to remote and hybrid work, malware and phishing attacks will remain a key threat for SMBs. While targeting email accounts for phishing scams may have been the norm pre-pandemic, expect more hacker exploits on widely-used cloud-based platforms like Slack, OneDrive, and Google Drive.

2. Zero Trust Adoption

Zero Trust is a security framework requiring all internal or external users in the organization’s network to be authenticated, authorized, and validated before being granted access to any company data or devices. According to Gartner, Zero Trust is “based on the belief that trust is a vulnerability, and therefore, security must be defined by the strategy, ‘Never trust, always verify.'” While originally adopted by government agencies in 2019 in response to increased high-profile security breaches, other highly regulated industries like financial services and healthcare are following suit as cyber threats become more sophisticated. A big trend for 2023 is to replace VPN with Zero Trust, and Telarus is proud to have the top providers help you and your customers with this initiative. 

3. Cyber Regulations’ Effect on Cyber Insurance

Pricier premiums are an unfortunate consequence of the rising number of costly data breaches, ransomware, and other security attacks. Cyber insurance premiums increased by an average of 28% in the first quarter of 2022 compared with the fourth quarter of 2021, according to the Council for Insurance Agents and Brokers. Governments around the world are enacting stricter regulations to protect personal information and sensitive data, resulting in higher limits of liability, a broader definition of loss (reputation recovery, financial recovery, more detailed reporting requirements, etc.), and regular audits and assessments to ensure companies are adhering to enhanced privacy measures.

With stricter requirements, companies will need to be proactive in assessing their insurance needs, weighing the costs and benefits, and working with insurers to ensure they have the right coverage in place.  

Looking ahead

As we prepare for a strong 2023, SMBs must also prepare for new cybersecurity risks on the horizon. This is the time to help your clients more than ever with Telarus Cybersecurity tools and services by your side. Our new SolutionVue digital assessment and consulting tool has become a fast favorite among partners looking to start or expand their cybersecurity business, providing a complete talk track they can leverage during their conversations with customers. The quick solutions assessment (QSA) takes user input and, within seconds generates full supplier recommendations from our sales engineering team, as well as detailed action plans in order of priority – making it easy to guide your customer through a scalable roadmap without overwhelming them. Our highly-credentialed engineering team is also happy to join you in your customer meetings. Having that level of technical know-how at your disposal removes the fear when working with new and established technologies.   

Get excited. Together, we can keep your customers two steps ahead of cyber criminals, and you come out the hero by adding incredible value to their business as a trusted resource.   

In my next blog, I’ll cover the latest developments in cyber insurance and how it can help you win more business.   

In the meantime, let’s connect and talk about my two favorite topics: cybersecurity and bourbon.