(Don Yäger (President) interviews Mark Green, (VP of IT) at Mural Technologies)
Don: Mark, with 30+ years in the field, what security threats have you seen evolve most dramatically, and which remain surprisingly consistent?
Mark: Ransomware has undergone a mind-blowing evolution. We’ve gone from script kiddies to sophisticated criminal enterprises with business models that would impress VCs. They’re running operations with dedicated development teams, 24/7 support desks, and affiliate programs. What keeps me up at night? Good old-fashioned phishing. Despite all our fancy tech, humans remain the most exploitable vulnerability in any system.
Don: Many SMBs believe they’re “too small to target.” How do you respond to this common misconception?
Mark: Cybercriminals aren’t researching company size before launching attacks. Most attacks today are automated and opportunistic. SMBs are preferred targets because they typically have weaker security controls but still handle valuable data. I’ve seen ransomware groups specifically target businesses with 50-250 employees because they have enough money to pay a ransom but not enough security resources.
Don: If an SMB has a limited security budget, what are the top 3 security measures they should prioritize immediately?
Mark: First, implement multi-factor authentication everywhere possible. Period. It’s the closest thing to a silver bullet we have. Second, establish a robust backup strategy following the 3-2-1 rule: three copies of your data, on two different media types, with one stored offsite and offline. Third, invest in security awareness training for your staff. Technical controls matter, but humans remain your first line of defense.
Don: How has the rise of remote/hybrid work changed the security landscape for small businesses?
Mark: Remote work dissolved the traditional network edge. It’s not just about protecting your office network anymore; it’s about securing hundreds of mini-branch offices. The attack surface exploded. Identity has become the new perimeter. Companies adapting well are embracing cloud security, focusing on endpoint protection regardless of location, and implementing stronger authentication.
Don: What’s your framework for helping clients respond in those critical first hours after discovering a breach?
Mark: I use “CALM.” Contain – isolate affected systems without destroying evidence. Assess – quickly determine what systems were affected and what data may have been compromised. Legal/Leadership notification – get legal counsel involved immediately. Breach disclosure requirements have teeth now. Mobilize – activate your incident response team or external partners.
Don: What security metrics should SMB leaders pay attention to?
Mark: Focus on Mean Time to Detect and Mean Time to Respond. Watch your patch compliance rate for critical vulnerabilities. Monitor your MFA adoption rate – if it’s not 100% for privileged accounts, you’ve got a problem. Measure phishing simulation results to see if your people are improving at spotting attacks.
Don: How do you balance security needs with business productivity and user experience?
Mark: Perfect security with zero usability equals zero security. The key is right-sized controls based on risk. User experience must be part of your security design from day one. Every additional click you add to a security process reduces compliance. The best balance comes from understanding the business processes you’re securing.
Don: What emerging threats should SMBs be preparing for in the next 12-24 months?
Mark: AI-powered social engineering is already changing the game. Supply chain compromises are accelerating – why hack 100 companies individually when you can compromise the software vendor they all use? “Access mining” is becoming more common – attackers breaching systems just to sell that access to other criminals. Mobile devices are becoming an even bigger target.
Don: Can you share an anonymized example of a client who transformed their security posture?
Mark: A DOD subcontractor had their entire infrastructure consisting of a single file server behind a consumer-grade cable modem. No firewall, no segmentation, unprotected wireless network with passwords on sticky notes. We implemented a systematic overhaul aligned with NIST 800-171 requirements. In a year, we took them to full compliance across all 110 controls, turning what started as an emergency compliance project into a competitive advantage in contract bids.
Don: What resources would you recommend for SMB leaders who want to better understand their security responsibilities?
Mark: Start with the NIST Cybersecurity Framework – it’s comprehensive without being overwhelming. For regulated industries, the FTC’s “Start with Security” guide offers practical advice in plain English. SANS offers excellent courses specifically for business leaders. Follow US-CERT alerts and Center for Internet Security newsletters to stay current on threats.
Don: In such a crowded cybersecurity landscape, how does Mural Technologies’ approach differ?
Mark: Most providers treat SMBs like miniature enterprises, throwing scaled-down versions of enterprise solutions at them. We build security programs around your business processes first. What resonates with clients is our pragmatic approach and our focus on resilience, not just prevention. We’re honest that breaches happen even with the best defenses, so we put equal emphasis on ensuring you can recover quickly when—not if—something goes wrong.
___________________________________________________________________________________
About Mural Technologies: Established in 2005, Mural Technologies has evolved from providing Microsoft cloud migration support into a comprehensive strategic innovation partner. As a security-enabled MSP, we deliver advanced cybersecurity solutions that protect businesses while enabling growth, provide expertise in navigating complex compliance requirements, develop AI-driven solutions through our Contextual.io platform, and collaborate with businesses on strategic technology innovation. Learn more at Managed IT Services for Small Businesses | Mural Technologies or contact connect@mural.cloud.
The post Mural Technologies Guest Blog Post: The SMB Security Blindspot: What Most IT Providers Won’t Tell You About Cybersecurity appeared first on Arizona Technology Council.
