At IT Nation Connect in Orlando, we sat down with Anup Ghosh, CEO of ThreatMate, to discuss cybersecurity, managing risk, and building smarter defences for businesses.
Cybersecurity isn’t just a technical issue anymore—it’s a critical business challenge. As businesses face growing risks from cyber threats, managed service providers (MSPs) play a pivotal role in securing networks, mitigating vulnerabilities, and enabling business continuity. For small to medium-sized businesses (SMBs), the stakes are higher than ever.
In a conversation with Anup Ghosh, CEO of ThreatMate, we explored the evolving cybersecurity landscape, the importance of proactive defence (what he calls “left of boom”), and why businesses must prioritise risk management over technical jargon. Read on for actionable insights and strategies that can help businesses and MSPs stay ahead of modern cyber threats.
For SMBs, cybersecurity often feels overwhelming. The perception that only large enterprises face sophisticated attacks no longer holds. SMBs are now prime targets because they are often less prepared, lack dedicated security teams, and operate on tighter budgets.
Anup emphasised that the cybersecurity challenge has evolved from technical issues to a broader business risk problem. Cyber insurance, for example, is increasingly enforcing higher standards for businesses. Companies must now meet baseline security measures—like multi-factor authentication (MFA), vulnerability management, and risk assessments—to even qualify for coverage.
Moreover, frameworks like Australia’s Essential Eight and the US’s NIST Cybersecurity Framework are no longer optional. These standards are quickly becoming table stakes for doing business, as supply chain requirements and procurement policies place cybersecurity front and centre.
Key takeaway: SMBs need to treat cybersecurity as a business-critical priority, not an afterthought. Compliance, continuity, and customer trust depend on it.
In cybersecurity, the term “boom” refers to the moment a breach or incident occurs—like a ransomware attack or data theft. Traditionally, most security efforts focus on the “right of boom”: detection, response, and recovery after an incident.
However, Anup Ghosh highlighted the importance of shifting focus left of boom. This means prioritising prevention strategies to reduce the likelihood of incidents altogether. Simply put, better prevention means fewer breaches to manage. For MSPs and businesses alike, this approach is both cost-effective and critical for long-term resilience.
Why left of boom matters:
Anup summed it up well: “Do a really good job on prevention, and you’ll have fewer boom events.” This mindset is essential for SMBs where resources are limited, and every incident carries a heavier business impact.
Cybersecurity conversations often get bogged down in jargon. Terms like CVEs (Common Vulnerabilities and Exposures) can confuse business owners and complicate risk management.
Anup argues that focusing solely on CVEs—software bugs that may or may not be exploited—is the wrong approach. Instead, businesses should address exposures, which are broader vulnerabilities that bad actors exploit. These include:
To put it into perspective: 94% of all CVEs do not have an associated exploit. Yet, businesses often waste time patching non-critical vulnerabilities while ignoring significant risks like open ports or misconfigured systems.
A better approach:
Anup shared a great example: “If I’m an adversary, and you give me RDP to log into, I’ll work on that all day long.” In other words, hackers will always take the path of least resistance, so businesses must eliminate obvious exposures.
Modern cybersecurity isn’t just about securing the perimeter anymore. The old approach—where networks are “crunchy on the outside, soft and chewy on the inside”—doesn’t work.
This is where Zero Trust comes in. Instead of trusting any device or user by default, Zero Trust requires every connection to be verified and restricted to its minimum required access.
Alongside Zero Trust, multi-factor authentication (MFA) is one of the simplest and most effective ways to prevent breaches. Yet, many businesses still don’t fully implement it. Anup highlighted that even Microsoft’s major compromise stemmed from an admin account without MFA enabled.
Best practices for businesses:
While most businesses now understand that cybersecurity is essential, the challenge lies in communicating its value. Anup emphasised that MSPs must frame cybersecurity as a business risk conversation, not a technical one.
For example, rather than discussing CVEs, businesses should focus on:
Cybersecurity frameworks like NIST and Essential Eight help businesses make sense of their risks. These frameworks provide a roadmap for:
Cybersecurity is no longer optional. For SMBs, it’s a matter of survival, resilience, and competitive advantage. By focusing on prevention, addressing exposures, and adopting frameworks like NIST and Essential Eight, businesses can reduce risk and build trust with customers and insurers.
Key actions for SMBs:
By taking these steps, businesses can stay ahead of cyber threats, protect their data, and ensure long-term resilience.
Ready to take control of your cybersecurity? Learn more about how ThreatMate and trusted MSP partners can help you mitigate risk, simplify security, and build a stronger, more resilient business. Visit ThreatMate.com or reach out to your MSP today!