June 2021 – Reuven Aronashvili, Founder and Chief Executive Officer at CYE

Truision was honored to host Reuven Aronashvili, the Founder and Chief Executive Officer at CYE, for June’s CIO Forum discussing “United States: Current target for cyber security attacks – overview, root cause analysis and how to deal with this…”. Below is a summary of Reuven’s presentation and his bio.

On average, the US was hit by over 6 cyber attacks monthly since March 2021, and sophisticated attacks were able to dramatically compromise entire organizations. As a result, a number of companies paid the hackers (JBS, Colonial Pipeline), indicating a risky shift in the way organizations respond to these attacks. In most cases, cyber attacks are a result of a very simple security breach (easy-to-guess passwords, for example).

Companies need to consider security system designs, as users will often take shortcuts that compromise security systems. Technology investment does not equal mature capabilities. It has been found that:

  • 90% of exploited vulnerabilities are ones known by security & IT
  • 75 is the average number of security tools in an enterprise
  • 80% of tools are under-utilized at default settings
  • 35% of security tools have overlapping capabilities

Taken together, these findings show that the tooling itself can create circumstances for hackers to exploit. Basic use of tools does not mean a system is secure; the tools need to be set up correctly.

Root cause analysis of security breaches has revealed the following:

  1. Some users have excessive permissions to the internal systems, giving hackers an easy gateway into the rest of the organization through these users
  2. Cloud security misconfiguration
  3. Multi-factor authentication is often not enforced. Microsoft’s Legacy Authentication allows users to bypass MFA.
  4. Weak password policy and enforcement. Paired with point 3 above, this enables effortless access
  5. Network segregation. There are often no restrictions on access, so attackers can easily move between networks
  6. Missing logs and insufficient visibility. Organizations will often be unable to provide sufficient historical log data to help identify the security vulnerabilities and the attackers’ entry points

Risk quantification and translation is a key driver for security maturity. Organizations will often leverage an unquantified, CVSS-based approach to address vulnerabilities in a network. However, it’s necessary to look at all the vulnerabilities as one network to determine which clusters may be the most important to address. Two areas to consider within context are the Business Impact and the Mitigation Cost.

Most impactful is managing risks with a fact-based approach:

  1. Defining the threat sources and crown jewels
  2. Measuring the security baseline: identifying attack vectors which connect threat sources to the organization’s business assets. This allows you to map potential security vulnerabilities and the likelihood of those attacks given the current system. Instead of looking for vulnerabilities, look for possible attack routes, which makes the best use of time and focus. Consider ecosystems of 3rd parties you work with (CRM systems, for example) as part of the possible routes of attack.
  3. Setting the objectives: identify how your organization compares to industry standards. These can be found in industry reports from Ponemon in partnership with IBM.
  4. Establishing the strategic program: prioritize the most pressing security issues and address them accordingly
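The attack-route view from the risk-quantification paragraph and from steps 1 and 2 above, as an added example that is not from Reuven's presentation or from CYE: it enumerates routes from a threat source to the crown jewels and ranks each finding by the business impact it cuts per unit of mitigation cost. Every node, finding name, impact score and cost below is constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data. Each edge is (from, to, findings that must ALL hold);
# fixing any one of the listed findings removes that step for the attacker.
EDGES = [
    ("internet", "user-account", ("weak-password-policy", "mfa-not-enforced")),
    ("internet", "crm-vendor", ("third-party-access",)),
    ("crm-vendor", "user-account", ("excessive-permissions",)),
    ("user-account", "office-lan", ("excessive-permissions",)),
    ("office-lan", "billing-db", ("no-network-segregation",)),
    ("office-lan", "plant-control", ("no-network-segregation",)),
    ("internet", "customer-bucket", ("cloud-misconfiguration",)),
]
JEWELS = {"billing-db": 8, "plant-control": 10, "customer-bucket": 5}  # business impact
COST = {"weak-password-policy": 2, "mfa-not-enforced": 3, "third-party-access": 4,
        "excessive-permissions": 5, "no-network-segregation": 12,
        "cloud-misconfiguration": 1}  # mitigation cost, arbitrary units

def attack_routes(edges, source, jewels):
    """Return (crown jewel, findings used) for every simple route from source."""
    out = defaultdict(list)
    for src, dst, needs in edges:
        out[src].append((dst, needs))
    found = []
    def walk(node, seen, used):
        if node in jewels:
            found.append((node, frozenset(used)))
            return
        for dst, needs in out[node]:
            if dst not in seen:  # simple paths only, no revisiting a node
                walk(dst, seen | {dst}, used | set(needs))
    walk(source, {source}, set())
    return found

def rank_findings(routes, jewels, cost):
    """Rank findings by impact of the routes they cut, divided by mitigation cost."""
    removed = defaultdict(int)
    for target, used in routes:
        for finding in used:  # fixing any finding on a route cuts that route
            removed[finding] += jewels[target]
    rows = [(f, removed[f], removed[f] / cost[f]) for f in removed]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    routes = attack_routes(EDGES, "internet", JEWELS)
    for name, impact_cut, per_cost in rank_findings(routes, JEWELS, COST):
        print(f"{name:26} impact cut={impact_cut:3}  per unit cost={per_cost:.1f}")
```

In this constructed data the network-segregation finding sits on the most routes but ranks last once mitigation cost is included, which is the kind of ordering a per-finding severity score alone does not show.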

It’s important to remember that security improvements are a continuous effort and should be addressed frequently. At a minimum, security should be addressed twice a year. Remember to translate what a security attack would mean for the business, helping key stakeholders understand the importance of this proactive work.

About Reuven Aronashvili

Reuven Aronashvili is the Founder and Chief Executive Officer at CYE. He is a serial cyber security entrepreneur, having acquired deep knowledge and passion for cyber security while serving in an elite cyber security unit of the IDF. Reuven is a national-level cyber security expert, with expertise in designing and developing innovative security solutions for governments and multi-national organizations around the globe. He brings CYE an impressive track record for conducting high-profile cyber security improvement programs across a wide range of industries. Reuven serves as a trusted advisor for executives in leading Fortune 500 companies and was certified by the US Department of Homeland Security as an international industrial control systems cyber security expert. Reuven holds an M.Sc. in computer science, accomplished as part of an excellence program during his military service.