Share This Article
Editor’s note: This article makes reference to a recent IT Security panel held at the 2025 JumpCloudLand virtual user conference. Robert Phan, Chief Information Security Officer at JumpCloud, led a discussion with Abhra Sinha, Senior Solutions Architect at AWS, and Dylan Souvage, Partner Solutions Architect at AWS, to bring together insights across industries on how to implement secure authentication across all resources. You can watch the entire panel discussion at the end of this article.
Facing today’s cyber threat landscape feels a bit like playing chess without knowing your opponent’s next moves… but they know yours.
I think a big part of [addressing modern cybersecurity challenges] is public exposure for mid-market enterprises… as an evolving threat landscape, the sophistication of cyber attacks is causing a layer of complexity which is tough to solve.
Abhra Sinha | Senior Solutions Architect at AWS
Cybercrime isn’t just about hackers in dark rooms anymore—it’s organized, strategic, and backed by advanced tools like AI. For small- to medium-sized enterprises (SMEs), this means staying proactive, adaptable, and creative to tackle these challenges.
At the recent JumpCloudLand virtual conference, a cybersecurity panel comprised of thought leaders and security experts from AWS met to tackle one critical question: What does it take to stay ahead of cyber threats in today’s connected world?
Below are the key takeaways.
Cybersecurity as a Business Survival Imperative
First things first—cybersecurity is no longer just an IT concern; it’s a fundamental business survival issue.
A shocking 60% of SMEs that suffer a cyberattack are forced to close their doors within six months. Why?
Because a cyberattack isn’t just a nuisance. It’s an existential risk that disrupts operations, erodes customer trust, and results in crippling costs.
The panelists pointed out that tools like ransomware-as-a-service and AI-powered attacks are now widely available. Once limited to nation-states, these technologies can now be wielded by amateur criminals.
These weapons that were once limited to nation states are now available to anyone with a few hundred dollars… SMBs are targeted not just because they have valuable data, but because they’re seen as softer targets.
Dylan Souvage | Partner Solutions Architect at AWS
But SMEs don’t have to face this alone. Many of the same cloud-native security solutions used by large enterprises are more accessible than ever. They provide automated threat detection and response without requiring sprawling, costly infrastructure.
Key Thought:
Cybersecurity isn’t something you can just set and forget—it’s a key part of running a business. Focus on basics like visibility, identity-first security, and solid internal policies. This helps build a stronger, more secure foundation for growth.
Addressing Top Cybersecurity Challenges
The panel broke down key challenges SMEs face and provided actionable insights you can implement today.
1. Increasing Sophistication of Attacks
The threat actors have upped their game.
Phishing, for instance, accounts for 70% of successful cyberattacks, targeting human error over technical flaws. Traditional password-based systems are no match for today’s phishing methods.
What can you do about it?
- Adopt modern, phishing-resistant multi-factor authentication (MFA).
- Use biometric factors like fingerprints or facial recognition. They make user authentication easier and more secure.
- Combine MFA with tools like SSO for a smoother user experience and less risk.
2. Machine Identity Proliferation
With the rise of cloud services, machine identities (non-human credentials) are skyrocketing. Managing these digital credentials—like keys, tokens, and certificates—is critical. It’s hard to manage across distributed systems without the right identity management systems and policies.
What can you do about it?
- Implement strict audit control policies and governance for machine identities.
- Check how these credentials are made. Make sure they follow least-privilege principles. This helps reduce the risk of exploitation.
3. The Shadow IT Problem
Shadow IT—unauthorized software or devices used within organizations—is a silent epidemic. It creates security blind spots that IT teams may not know about. This leaves organizations open to data breaches and compliance issues.
What can you do about it?
- Make the “right way” the easy way.
- Provide user-friendly, approved tools that are faster and more seamless than unauthorized alternatives.
- Combine this approach with clear policies, education, and strong monitoring. This will close visibility gaps, so you won’t stifle innovation.
Casting IT Into the Shadows
What you can’t see CAN hurt you when it comes to shadow IT. Learn six key shadow IT risks and how to address them proactively.
4. Implementing Zero Trust
Moving away from outdated perimeter-based security is no small feat. For SMEs with limited budgets and resources, the challenge is compounded.
The change to remote work has made a lot of new challenges for security… It’s also exposing risks and biases that we once had… There is no trusted network anymore.
Bob Phan | CISO at JumpCloud
What can you do about it?
- Never forget: Zero Trust isn’t a product; it’s a mindset.
- Start small and make incremental improvements.
- Focus on strong identity management (like MFA and SSO), mapping your assets, and setting basic access guardrails. Layered, iterative progress can achieve big results while staying manageable.
5. Gaining Internal Buy-In
Communicating the importance of cybersecurity investments to stakeholders isn’t always easy. IT leaders are often blocked by budget constraints or a lack of urgency from leadership.
What can you do about it?
- Translate technical risks into business impacts.
- Build your case with examples of regulatory penalties, cost of downtime, or security incidents within similar organizations.
- For budget-sensitive situations, start with small, high-impact investments. For example, use MFA on critical systems. This shows quick ROI.
Key Emerging Trends
Beyond immediate challenges, the panel explored what’s next in cybersecurity. They identified three major trends every IT professional should be tracking:
- Generative AI
AI—while a double-edged sword—is a game-changer.
Threat actors are already deploying AI to automate attacks, making stronger defenses essential. Business leaders should invest in AI security tools, such as behavior-pattern monitoring. They also need to promote AI literacy across the company to manage risks.
- Post-Quantum Security
With quantum computing edging closer to reality, long-term encrypted data could become exposed.
Organizations need to prepare. Start by auditing your cryptographic implementations and ensuring TLS 1.3 compliance.
- Digital Sovereignty
Regulatory and compliance rules are growing. They highlight the need for local control over data storage.
Cloud providers, like AWS, now offer sovereign cloud services. These services provide stricter data residency assurances.
Moving Forward
Cybersecurity feels overwhelming—and for good reason.
But tackling it doesn’t mean doing everything, everywhere, all at once.
Instead, start with the basics. Enable strong identity-first security with MFA and SSO. Map your assets. Address the most pressing security gaps while setting yourself up for long-term improvements.
Most importantly, nurture a culture of security.
It’s no longer just about what IT leaders and security teams do; security needs to be embedded across every department, role, and process.
Want to hear more expert insights? Watch the full JumpCloud Land cybersecurity panel discussion to learn practical strategies for securing your organization while maintaining agility.
You can also check out these helpful resources to learn more about the evolving security landscape (and what you can do about it).
Zero Trust Demystified
Zero Trust isn’t out of reach. Download this whitepaper to learn why it's essential, where to start, and what to watch out for.
IT Compliance Quickstart Guide
The resources, tools, and education you need to make IT compliance painless.
