Leverage’s best of 2022


2022 has been a crazy year on several fronts — re-opening the country post-covid, a new normal for work, rampant inflation, war in Ukraine… it’s been a lot. The same is true for businesses as we navigate an ever-more hostile security environment, a constant need to innovate and upgrade our tech stacks to keep pace, etc. Leverage has been publishing useful (if we do say so ourselves) blogs all year to help businesses make sense of what’s happening out there, what we need to do to stay prepared, and where we go from here. Here are six of our favorite Leverage articles from this past year:

IT management vs. cybersecurity

In this primer, we walk through the similarities and differences between IT management and cybersecurity. For many (or most) small- or medium-sized businesses, they’re likely not separate departments (or even separate functions). But, the way you approach each ought to be nuanced and function-specific. The bottom line is that cybersecurity is its own discipline, and should be treated as such.

An IT manager is most concerned with technological operational efficiency — are systems up and running, providing the fewest headaches for your users and employees? Cybersecurity managers on the other hand are concerned with the protection and security of that network and those systems. The question for a cybersecurity manager is less “does this cause a headache for my employees or clients” but rather, “is this the safest way to operate?”

The four tiers of cybersecurity preparedness

Back in 2018, the National Institute of Standards and Technology released a report with a pretty bland name: Framework for Improving Critical Infrastructure Cybersecurity. But in that report is one of the most useful guides for how to think about organizational cybersecurity, how to improve your cybersecurity and how to stay secure even in a rapidly evolving threat environment. We use it to help our clients rise to the level of the cyber threats they face day in and day out. So, we broke it all down for you.

These four cybersecurity tiers can provide both insight and actionable intelligence to get your company’s cybersecurity situation where it needs to be.

The most successful phishing attacks… come from you

Phishing is still the most prevalent and successful way threat vectors gain access to company systems. And as it turns out, the best way to get someone to click on a link or download a malicious attachment is to impersonate HR or IT.

“…emails from HR/IT are most likely to be clicked by employees; and half of those getting clicked had HR-related subject lines such as ‘vacation policy updates,’ ‘dress code changes,’ or ‘upcoming performance reviews.’

In this article, we walk you through what to watch out for when training your employees to spot these kinds of phishing attempts.

Data integrity vs. data security — both important, but not the same thing

In a modern company, your data storage and security protocols are of the utmost importance. But when we talk about data integrity, we often mistake it for data security. They’re both massively important, but they’re not exactly the same thing. In his blog post, we broke down those differences, why they matter, and how you can think critically about both, and holistically about them together.

Company without cyberinsurance on the hook for $668k scam

While I hated writing this post, I loved the content of it because it put the effects of a cybersecurity breach into real-world dollars and sense, specifically for a regional company based in Texas.

For this article, I spoke with a good friend of mine who owns an insurance brokerage. He relayed a story to me about a client of his, specifically a law firm, that submitted an insurance claim for just shy of $700,000 because the firm was the victim of a sophisticated and devastating phishing scam. But, because the firm didn’t carry cyberinsurance explicitly, the claim had to be denied.

The article puts cybersecurity into stakes anyone can understand, with an interview with an insurance professional to walk us through the finer points.

And finally, IT budgets grow despite economic uncertainty

For our final highlight of 2022, a bit of optimism about the IT, cybersecurity and technology space. As I mentioned in the first paragraph of this post, 2022 saw a global pandemic, an unprecedented recession (even if it ended up being shorter-lived than anticipated), supply chain disruptions, a war in Ukraine, and now, sharp, sustained inflation. But, “[a]ccording to a recent report released by Avasant, ‘more companies are planning IT budget increases than at any time in the cloud era.’”

IT is no longer a line item business leaders seek to minimize at all costs. To wit: “…in 2019, at the median, companies spent 75% of IT budgets on running the business and only 25% on growing or transforming the business. This year, at the median, the percentage of the budget spent on running the existing business is only 65%. A full 35% is dedicated to growing or transforming the business.”

IT is now a driver of innovation and top- and bottom-line results. Forward-thinking companies are looking to leverage their technology stacks into greater profits, and we take that as a much-welcomed sign of optimism going into 2023.

Here’s to 2023

Thanks so much for spending a part of your 2022 with us here at Leverage. We hope we’ve given you some insight along the way, and we look forward to being back at it in 2023!