Whether working at home or in the office, when conducting cybersecurity research, investigating the dark web forums or engaging with any dangerous part of the internet, staying safe is critical. While most researchers use a virtual machine to mitigate risks to the host PC, there is an overlooked and unprotected attack surface: the network. This post will illuminate potential risks and introduce a new solution to keep your network safer without hindering your workflow.

Organizations are experiencing explosive growth in identities – both machine and human. This includes machine identities such as applications and workflows, which now outnumber human identities 45:1. With new norms such as hybrid work, new environments like hybrid cloud and the continuous flow of rapid innovation, the reality is that organizations are facing a constant onslaught of identity-related attacks like ransomware and phishing. The solution for getting a handle on the chaos?

Our guest today is Rita Gurevich, the CEO and Founder of SPHERE, an identity hygiene platform. Gurevich joins host David Puner to explore the challenges and dynamics surrounding identity and cyber hygiene in today’s cybersecurity landscape. The conversation begins by addressing the accelerated pace at which cyber controls and identity hygiene requirements are evolving, emphasizing the critical role they play in cybersecurity strategies.

My career began with read-only access. In my first job, I worked night shifts in a data operations center. Our team handled incidents identified either by monitoring or from end customers. This meant I often had to perform first, second and third-line troubleshooting. If we couldn’t identify and resolve the issue, our only option was to wake up a rather exhausted escalation engineer.

The growing frequency and sophistication of cyberattacks, especially on the ransomware front, have compelled even more companies to seek cyber insurance coverage. But as the need for coverage grows, so do the complexities. Even though we’re seeing a trend in which premiums have flattened, with expectations that this will continue as a market correction occurs, significant challenges remain for companies seeking coverage.

2023 was a lucrative year for ransomware actors, with victim organizations paying $449.1 million in the first six months alone. Maintaining this cash stream requires frequent technique shifts, which may be why more attackers are exploiting legitimate software to propagate their malware. Abusing organizations’ existing enterprise tools can help attackers blend in while they’re doing reconnaissance, and also aids them with privilege escalation and persistence.