In an exclusive interview with Cyber Intelligence, CEO and co-founder of cybersecurity firm EyeR, Sean Tsvik, explains what small-to-medium-sized organizations (SMEs) can do to protect their systems and customers’ critical data from increasingly sophisticated cyber-attacks.
Cyber Intelligence: What part of their cyber defenses should medium-sized firms shore up first?
Sean Tsvik: They should start by using a managed detection and response (MDR) service. That allows medium-sized organizations to protect themselves against increasingly sophisticated cyber-attacks without paying high salaries to in-house cyber experts. MDR services work out costing only a couple of dollars per endpoint and are by far the best starting point for small-to-medium-sized companies looking to strengthen their cyber defenses. Small organizations can also benefit from moving to the cloud as this leaves even fewer endpoints to secure.
Cyber Intelligence: What is the weakest point in medium-sized companies’ defenses?
Sean Tsvik: The exploitation of weaknesses in their firewalls to steal privileged credentials that potentially allow threat actors to take over the targeted organization. Ironically, the best-known Firewalls, such as Check Point, are the ones most targeted for weaknesses by increasingly organized criminal groups.
Cyber Intelligence: Many organizations in the healthcare and legal sectors hold highly confidential personal data on their clients. How can they protect themselves and their customers from increasingly sophisticated phishing and deepfake attacks?
Sean Tsvik: Zero Trust Identity is a relatively new technology that is really proving its worth. You effectively have an agent on your computer that has a clear view of who your computer can communicate with and that vets any other third parties, in accordance with the company’s procedures.
Cyber Intelligence: If you had one piece of advice for SMEs, what would it be?
Sean Tsvik: Simple: Procedure, Procedure and Procedure. These must be put in place across the organization and apply to all endpoints. This must also include devices such as smartphones, which may be used by staff for work and personal communications that have been deployed under a bring-your-own-devices (BYOD) to work.
Cyber Intelligence: How do you feel about companies investing in AI without fully considering the cybersecurity implications?
Sean Tsvik: It is extremely foolish for SMEs to invest in AI while failing to secure their own cyber-defenses, which can be done at a fraction of the cost of investing in AI and provide more tangible and immediate benefits.
Cyber Intelligence: Thank you.
