This is an ongoing series of guest blogs written by TAG Cyber analysts in conjunction with various members of our SPHERE team. Offering insights from the perspective of the professional industry analysts combined with a technology company focused on the goal of establishing cyber hygiene. This article comes from a fearless leader, CEO & Founder of TAG Cyber, Edward Amoroso.
I spent a nice afternoon recently with Rita Gurevich, CEO of cybersecurity company SPHERE, on the Hoboken campus of the Stevens Institute of Technology. Rita and I are both graduates of the university, with my degrees, of course, coming probably before Rita was born. We had agreed to sit down and talk about cyber hygiene.
The irony is that during our time together, spent before the major recent build-up of Russian forces in Ukraine, we had agreed that cyber hygiene would serve as a key defense against hostile cyber threats from nation-state military actors. It’s so sad that shortly after our discussion, which we filmed on YouTube, our commentary would be more relevant than either of us would have hoped.
Here is the point: When a nation-state decides to target an adversary, they will factor two issues into their calculation. First, they will look for targets with meaningful consequence. In the old days, this meant only critical infrastructure, but today we know that cyber threats to any type of business, including small and medium sized enterprise, can have serious consequences. But second, nation states will look for soft spots in targeted infrastructure. This often surprises non-expert observers, because they presume that capable nation-state actors will immediately pull out their elite zero-day weapons to go after an adversary. But experience dictates otherwise. Nation-states behave essentially like normal hackers when they initiate a new campaign.
What this means for enterprise teams is simple: The importance of cyber hygiene could not be more important – not only to deal with day-to-day compliance and security issues, but also to address the growing threats that we are all watching every day on television. As tensions rise in Eastern Europe, your cyber response should be to improve your cyber hygiene. It should be priority number one.
The SPHERE team offers an effective portfolio of security solutions that our TAG Cyber analyst team has reviewed thoroughly. These include support for cleaning up permissions, improving privileged access management, reducing complexity of Active Directory deployments, and highlighting non-compliances with policies. These are valuable tools in reducing cyber risk.
Now – you might not be as lucky as I was to have spent face-to-face time with Rita in Hoboken for an afternoon, but you can certainly contact their team to learn more. I strongly recommend that you schedule this discussion – and I am eager to hear your before-and-after story. Do it now, because the consequences of inaction can leave soft spots which can be exploited by the bad actors.
Good luck and let us know your experience after you contact the SPHERE team.