This is an ongoing series of guest blogs written by TAG Cyber analysts in conjunction with various members of our SPHERE team. Offering insights from the perspective of the professional industry analysts combined with a technology company focused on the goal of establishing cyber hygiene. This article comes from a fearless leader, CEO & Founder of TAG Cyber, Edward Amoroso.
The original cyber threats came from hackers. Early incidents involved young people exploring how viruses, break-ins, worms, and other tactics might be utilized. While such activity often violated policies (and sometimes broke laws), observers in those early years viewed hackers as mostly just showing bad judgment. No one thought, for example, that Kevin Mitnick and other early hackers, wanted to cause serious harm to human beings or essential services.
More recently, however, this threat has evolved significantly – and two types of dangerous malicious groups have emerged. First, there are criminals who have monetary gain as their objective. These actors use fraudulent action, often with stolen credentials that leverage sloppy enterprise management, to gain unauthorized access to accounts and data. The FBI recently estimated that losses in 2021 due to such activity approached $7B.
Second, there are the nation-states who leverage cybersecurity vulnerabilities to accomplish military, intelligence, and other broad objectives. Experience shows that these military actors also make extensive use of stolen credentials and poor administration of accounts and data. This makes sense because while a nation-state can certainly employ more advanced zero-day attacks, they are well-served to utilize common and familiar weaknesses.
Given this common use of enterprise vulnerabilities by both criminals and state actors, the need for attention to foundational protections such as permissions management is essential. And for many security practitioners this should be good news. That is, with the onslaught of new powerful adversaries, many enterprise teams become overwhelmed with concern that they cannot possibly manage the associated increase in cyber risk.
What these teams can and should do is maintain continued focus on foundations. SPHERE’s commercial platform for optimizing cyber hygiene is an example solution that will help to accomplish this broad objective. The platform addresses the most common misconfigurations and vulnerabilities found in modern business environments. This includes weaknesses in identity management, privileged accounts, Office 365, Active Directory, and unstructured data.
Certainly, criminal and nation-state actors will always have the ability to go above and beyond the normal level of malicious action to target assets. Most enterprise teams will have to rely on government partnership to help with these types of actions. But for the more common, day-to-day exploits that are used by all malicious actors, regardless of their capability, commercial tools such as from SPHERE are an excellent defense option.
As always, please let us know what you think. Protecting data and resources from criminals and nation-states is especially difficult. We need to openly share best practices and views to best manage our risk.