Editor’s note: This article makes reference to a recent IT Security panel held at the 2025 探花大神Land virtual user conference. Robert Phan, Chief Information Security Officer at 探花大神, led a discussion with Abhra Sinha, Senior Solutions Architect at AWS, and Dylan Souvage, Partner Solutions Architect at AWS, to bring together insights across industries on how to implement secure authentication across all resources. You can watch the entire panel discussion at the end of this article.
Facing today’s cyber threat landscape feels a bit like playing chess without knowing your opponent’s next moves… but they know yours.
I think a big part of [addressing modern cybersecurity challenges] is public exposure for mid-market enterprises… as an evolving threat landscape, the sophistication of cyber attacks is causing a layer of complexity which is tough to solve.
Abhra Sinha | Senior Solutions Architect at AWS
Cybercrime isn’t just about hackers in dark rooms anymore; it’s organized, strategic, and backed by advanced tools like AI. For small- to medium-sized enterprises (SMEs), this means staying proactive, adaptable, and creative to tackle these challenges.
At the recent 探花大神Land virtual conference, a cybersecurity panel comprised of thought leaders and security experts from AWS met to tackle one critical question: What does it take to stay ahead of cyber threats in today’s connected world?
Below are the key takeaways.
Cybersecurity as a Business Survival Imperative
First things first: cybersecurity is no longer just an IT concern; it’s a fundamental business survival issue.
A shocking 60% of SMEs that suffer a cyberattack are forced to close their doors within six months. Why?
Because a cyberattack isn’t just a nuisance. It’s an existential risk that disrupts operations, erodes customer trust, and results in crippling costs.
The panelists pointed out that tools like ransomware-as-a-service and AI-powered attacks are now widely available. Once limited to nation-states, these technologies can now be wielded by amateur criminals.
These weapons that were once limited to nation states are now available to anyone with a few hundred dollars… SMBs are targeted not just because they have valuable data, but because they’re seen as softer targets.
Dylan Souvage | Partner Solutions Architect at AWS
But SMEs don’t have to face this alone. Many of the same cloud-native security solutions used by large enterprises are more accessible than ever. They provide automated threat detection and response without requiring sprawling, costly infrastructure.
Key Thought:
Cybersecurity isn’t something you can just set and forget; it’s a key part of running a business. Focus on basics like visibility, identity-first security, and solid internal policies. This helps build a stronger, more secure foundation for growth.
Addressing Top Cybersecurity Challenges
The panel broke down key challenges SMEs face and provided actionable insights you can implement today.
1. Increasing Sophistication of Attacks
The threat actors have upped their game.
Phishing, for instance, accounts for 70% of successful cyberattacks, targeting human error over technical flaws. Traditional password-based systems are no match for today’s phishing methods.
What can you do about it?
- Adopt modern, phishing-resistant multi-factor authentication (MFA).
- Use biometric factors like fingerprints or facial recognition. They make user authentication easier and more secure.
- Combine MFA with tools like SSO for a smoother user experience and less risk.
2. Machine Identity Proliferation
With the rise of cloud services, machine identities (non-human credentials) are skyrocketing. Managing these digital credentials (like keys, tokens, and certificates) is critical. It’s hard to manage across distributed systems without the right identity management systems and policies.
What can you do about it?
- Implement strict audit control policies and governance for machine identities.
- Check how these credentials are made. Make sure they follow least-privilege principles. This helps reduce the risk of exploitation.
3. The Shadow IT Problem
Shadow IT (unauthorized software or devices used within organizations) is a silent epidemic. It creates security blind spots that IT teams may not know about. This leaves organizations open to data breaches and compliance issues.
What can you do about it?
- Make the “right way” the easy way.
- Provide user-friendly, approved tools that are faster and more seamless than unauthorized alternatives.
- Combine this approach with clear policies, education, and strong monitoring. This closes visibility gaps without stifling innovation.
4. Implementing Zero Trust
Moving away from outdated perimeter-based security is no small feat. For SMEs with limited budgets and resources, the challenge is compounded.
The change to remote work has made a lot of new challenges for security… It’s also exposing risks and biases that we once had… There is no trusted network anymore.
Bob Phan | CISO at 探花大神
What can you do about it?
- Never forget: Zero Trust isn’t a product; it’s a mindset.
- Start small and make incremental improvements.
- Focus on strong identity management (like MFA and SSO), mapping your assets, and setting basic access guardrails. Layered, iterative progress can achieve big results while staying manageable.
5. Gaining Internal Buy-In
Communicating the importance of cybersecurity investments to stakeholders isn’t always easy. IT leaders are often blocked by budget constraints or a lack of urgency from leadership.
What can you do about it?
- Translate technical risks into business impacts.
- Build your case with examples of regulatory penalties, cost of downtime, or security incidents within similar organizations.
- For budget-sensitive situations, start with small, high-impact investments. For example, use MFA on critical systems. This shows quick ROI.
Key Emerging Trends
Beyond immediate challenges, the panel explored what’s next in cybersecurity. They identified three major trends every IT professional should be tracking:
- Generative AI
AI, while a double-edged sword, is a game-changer.
Threat actors are already deploying AI to automate attacks, making stronger defenses essential. Business leaders should invest in AI security tools, such as behavior-pattern monitoring. They also need to promote AI literacy across the company to manage risks.
- Post-Quantum Security
With quantum computing edging closer to reality, long-term encrypted data could become exposed.
Organizations need to prepare. Start by auditing your cryptographic implementations and ensuring TLS 1.3 compliance.
- Digital Sovereignty
Regulatory and compliance rules are growing. They highlight the need for local control over data storage.
Cloud providers, like AWS, now offer sovereign cloud services. These services provide stricter data residency assurances.
Moving Forward
Cybersecurity feels overwhelming, and for good reason.
But tackling it doesn’t mean doing everything, everywhere, all at once.
Instead, start with the basics. Enable strong identity-first security with MFA and SSO. Map your assets. Address the most pressing security gaps while setting yourself up for long-term improvements.
Most importantly, nurture a culture of security.
It’s no longer just about what IT leaders and security teams do; security needs to be embedded across every department, role, and process.
Want to hear more expert insights? Watch the full 探花大神 Land cybersecurity panel discussion to learn practical strategies for securing your organization while maintaining agility.