Speaker: James Tarala
Event: RSA Conference
Date: June 7, 2023
Watch on YouTube: https://www.youtube.com/watch?v=JVaRMTX2vf8
Introduction
Cybersecurity is filled with exciting innovations, from artificial intelligence to advanced threat modeling. However, James Tarala argues that the basics of cyber hygiene remain the most impactful defenses against cyber threats. In this RSA Conference session, he emphasizes the importance of focusing on foundational security practices rather than getting distracted by the latest industry buzzwords.
Using the analogy of handwashing in hospitals, Tarala illustrates that simple, well-executed security measures can prevent a vast number of cyber incidents. While new threats emerge, organizations continue to struggle with implementing the basic defenses that would have the greatest impact on their security posture.
Key Takeaways
- Cyber hygiene is about discipline, not complexity. Many breaches occur because organizations fail to implement well-known security measures.
- Attackers rely on predictable security gaps. Phishing, credential theft, and lateral movement continue to be top attack vectors.
- Multi-Factor Authentication (MFA) is essential but must be applied consistently. Partial MFA implementation leaves significant gaps.
- Application control is the most effective and most underutilized defense. Organizations that implement application whitelisting significantly reduce malware infections.
- Prioritization matters. Security teams should focus on fixing the highest-impact issues rather than trying to address everything at once.
Summary of the Discussion
The Most Common Cyber Threats in 2023
James Tarala highlights key cybersecurity challenges that organizations continue to face:
- Lack of Situational Awareness: Many companies do not have full visibility into their assets, making it difficult to assess risks.
- Phishing Attacks: Despite efforts to curb phishing, it remains a top attack vector, with employees regularly falling for malicious emails.
- Credential Theft and Lateral Movement: Attackers use stolen credentials to move across networks quickly, often compromising entire environments within hours.
- Application Abuse and API Security: With organizations increasingly relying on third-party applications and cloud services, API vulnerabilities and misconfigurations are becoming critical threats.
The Power of Basic Cyber Hygiene
James Tarala references multiple national cybersecurity agencies—including the NSA, GCHQ, and the Australian Cyber Security Centre (ACSC)—that have studied breaches and consistently found that simple cyber hygiene measures could have prevented the majority of incidents.
One of the most striking examples is Australia’s Essential Eight, a prioritized set of security controls. Research found that implementing just four key controls could have prevented 93% of attacks on Australian government agencies. These four controls are:
- Application Whitelisting – Allow only approved applications to run.
- Patch Management – Keep both OS and third-party software up to date.
- Multi-Factor Authentication (MFA) – Require strong authentication methods.
- Restrict Administrative Privileges – Limit access to essential users only.
High-Impact Cyber Hygiene Defenses
Based on industry research and real-world case studies, Tarala outlines key cyber hygiene priorities for organizations:
- Application Control (Whitelisting). Tarala's advice: “If you could only do one thing to improve your security, implement application control.”
  - Prevents unauthorized applications, malware, and scripts from running.
  - More effective than traditional antivirus solutions.
  - Supported by tools such as Microsoft AppLocker, Windows Defender Application Control, and ThreatLocker.
- Comprehensive MFA Implementation
  - MFA should be enforced at every authentication point, not just on a few critical applications.
  - Avoid SMS-based MFA because of its security weaknesses.
  - Inventory all authentication systems and track MFA adoption rates.
- Patch Management Beyond the Operating System
  - Many organizations focus on OS updates but ignore third-party applications.
  - Business applications such as Java, Adobe products, and Microsoft Office need regular patching.
  - Consider third-party patch management tools to automate updates.
- Network Segmentation and Isolation
  - Block workstation-to-workstation communication to prevent lateral movement.
  - Treat campus networks like ISP environments, minimizing internal trust.
  - Use private VLANs so that an attacker who compromises one host cannot move laterally from it.
- Cloud Security Configuration Management
  - Track who has access to cloud services and how those services are configured.
  - Ensure that IAM permissions, S3 bucket settings, and logging configurations are secure.
  - Review cloud security policies regularly and automate misconfiguration detection.
- Secure Development and DevOps Practices
  - Integrate automated security scanning into CI/CD pipelines.
  - Maintain a software bill of materials (SBOM) to track vulnerable dependencies.
  - Adopt DevSecOps principles to embed security throughout the software development lifecycle.
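As an added illustration of the "automate misconfiguration detection" point in the cloud configuration item above (example code written for this summary, not from Tarala's talk or from any vendor tool), the script below runs a handful of the checks that item names against a constructed inventory snapshot: the four S3 public-access-block flags, bucket default encryption and access logging, IAM statements that allow wildcard actions on every resource, and CloudTrail region coverage and log-file validation. The snapshot layout and its field names, apart from the standard IAM policy keys Statement, Effect, Action and Resource, are assumptions chosen for readability; in practice the snapshot would be built from your provider's API or a configuration export.

```python
"""Offline detector for common cloud misconfigurations.

Added example for this summary, not code from the talk. SAMPLE_INVENTORY is
a constructed snapshot; its layout and field names (other than the standard
IAM policy keys Statement/Effect/Action/Resource) are assumptions, not a
real cloud SDK schema.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    resource: str   # e.g. "s3:marketing-assets"
    check: str      # short name of the failed check
    detail: str     # human-readable explanation


PUBLIC_ACCESS_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
                       "BlockPublicPolicy", "RestrictPublicBuckets")


def check_bucket(name, cfg):
    """S3: all four public-access-block flags, default encryption, access logging."""
    findings = []
    pab = cfg.get("public_access_block", {})
    missing = [flag for flag in PUBLIC_ACCESS_FLAGS if not pab.get(flag, False)]
    if missing:
        findings.append(Finding(f"s3:{name}", "public-access-block",
                                "flags not enabled: " + ", ".join(missing)))
    if not cfg.get("default_encryption"):
        findings.append(Finding(f"s3:{name}", "default-encryption", "no default encryption"))
    if not cfg.get("access_logging_target"):
        findings.append(Finding(f"s3:{name}", "access-logging", "server access logging off"))
    return findings


def _as_list(value):
    """IAM documents allow a string or a list in Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]


def check_iam_policy(name, document):
    """IAM: flag Allow statements that grant wildcard actions on every resource."""
    findings = []
    for idx, stmt in enumerate(_as_list(document.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
        if wildcard_action and "*" in resources:
            findings.append(Finding(f"iam:{name}", "wildcard-allow",
                                    f"statement {idx} allows {actions} on all resources"))
    return findings


def check_trail(name, cfg):
    """CloudTrail: the trail should cover all regions and validate its log files."""
    findings = []
    if not cfg.get("is_multi_region"):
        findings.append(Finding(f"cloudtrail:{name}", "multi-region", "not all regions covered"))
    if not cfg.get("log_file_validation"):
        findings.append(Finding(f"cloudtrail:{name}", "log-validation", "integrity validation off"))
    return findings


def audit(inventory):
    """Run every check over the snapshot and return the combined findings."""
    findings = []
    for name, cfg in inventory.get("s3_buckets", {}).items():
        findings.extend(check_bucket(name, cfg))
    for name, doc in inventory.get("iam_policies", {}).items():
        findings.extend(check_iam_policy(name, doc))
    for name, cfg in inventory.get("cloudtrail_trails", {}).items():
        findings.extend(check_trail(name, cfg))
    return findings


# Constructed sample: one well-configured bucket, one sloppy bucket, one scoped
# policy, one legacy wildcard policy, and a trail without log validation.
SAMPLE_INVENTORY = {
    "s3_buckets": {
        "finance-reports": {"public_access_block": dict.fromkeys(PUBLIC_ACCESS_FLAGS, True),
                            "default_encryption": "aws:kms",
                            "access_logging_target": "central-log-archive"},
        "marketing-assets": {"public_access_block": {"BlockPublicAcls": True,
                                                     "IgnorePublicAcls": True},
                             "default_encryption": None,
                             "access_logging_target": None},
    },
    "iam_policies": {
        "ReportReader": {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                                        "Resource": "arn:aws:s3:::finance-reports/*"}]},
        "LegacyAdmin": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    },
    "cloudtrail_trails": {"org-trail": {"is_multi_region": True, "log_file_validation": False}},
}


if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"{f.resource:<24} {f.check:<20} {f.detail}")
```

Run as a script it lists five findings for the sample: three against the sloppy bucket, one against the wildcard policy and one against the trail. The value of a checker like this is that it runs on a schedule against a fresh snapshot, so drift from the reviewed policy shows up as a new finding instead of waiting for the next manual review.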
Actionable Insights
- Perform a cybersecurity gap assessment. Identify missing security controls and prioritize fixes.
- Ensure MFA is truly everywhere. Audit authentication logs to detect accounts that are not protected by MFA.
- Implement application control. If your organization hasn’t adopted whitelisting, start now.
- Monitor and secure cloud configurations. Cloud misconfigurations are a growing attack vector.
- Improve network segmentation. Block unnecessary traffic between workstations and critical servers.
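One way to carry out the MFA audit suggested above ("inventory all authentication systems and track MFA adoption rates" in the defenses list, and "audit authentication logs to detect accounts not protected by MFA" in the actionable insights), written as an added example for this summary rather than code from the talk: the script parses constructed authentication events in a simple key=value layout (an assumption; real identity providers have their own export schemas, so parse_line is the part you would adapt), then reports per-application adoption of strong MFA and lists the accounts that signed in with no second factor or with only the SMS factor the talk advises against. The factor names (fido2, totp, push, sms, none) are assumptions as well.

```python
"""Audit authentication logs for MFA coverage.

Added example for this summary, not code from the talk. SAMPLE_LOG is a
constructed log in a key=value layout and the factor names are assumptions;
real identity providers export their own formats, so parse_line() is the
part to adapt.
"""
import re
from collections import defaultdict

STRONG_FACTORS = {"totp", "fido2", "push"}  # assumed names for app- or key-based factors
WEAK_FACTORS = {"sms"}                        # the talk singles out SMS codes as weak
REQUIRED_FIELDS = ("user", "app", "result", "factor")

# Constructed sample: a timestamp followed by key=value pairs, plus one junk line.
SAMPLE_LOG = """\
2023-06-07T08:12:01Z user=alice app=vpn result=success factor=fido2
2023-06-07T08:13:45Z user=bob app=vpn result=success factor=none
2023-06-07T08:15:10Z user=carol app=mail result=success factor=sms
2023-06-07T08:16:22Z user=alice app=mail result=success factor=totp
2023-06-07T08:17:03Z user=dave app=hr-portal result=failure factor=none
2023-06-07T08:18:40Z user=dave app=hr-portal result=success factor=none
2023-06-07T08:20:11Z user=bob app=mail result=success factor=push
2023-06-07T08:21:59Z user=erin app=vpn result=success factor=none
malformed line that should be skipped
"""

KV_RE = re.compile(r"(\w[\w-]*)=(\S+)")


def parse_line(line):
    """Return a dict of fields for one event, or None if the line is unusable."""
    parts = line.strip().split(maxsplit=1)
    if len(parts) != 2:
        return None
    fields = dict(KV_RE.findall(parts[1]))
    if not all(key in fields for key in REQUIRED_FIELDS):
        return None
    fields["ts"] = parts[0]
    return fields


def parse_log(text):
    """Parse every usable line, silently dropping the rest."""
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def audit_mfa(events):
    """Per-app adoption rate of strong MFA, plus the accounts seen without it."""
    per_app = defaultdict(lambda: {"success": 0, "strong": 0, "weak": 0, "none": 0})
    no_mfa = defaultdict(set)    # user -> apps reached with no second factor
    weak_mfa = defaultdict(set)  # user -> apps reached with an SMS code only
    for ev in events:
        if ev["result"] != "success":
            continue  # failed attempts say nothing about what protects the account
        stats = per_app[ev["app"]]
        stats["success"] += 1
        factor = ev["factor"]
        if factor in STRONG_FACTORS:
            stats["strong"] += 1
        elif factor in WEAK_FACTORS:
            stats["weak"] += 1
            weak_mfa[ev["user"]].add(ev["app"])
        else:
            stats["none"] += 1
            no_mfa[ev["user"]].add(ev["app"])
    adoption = {app: s["strong"] / s["success"] for app, s in per_app.items()}
    return {"per_app": dict(per_app), "adoption": adoption,
            "no_mfa": dict(no_mfa), "weak_mfa": dict(weak_mfa)}


def _accounts(mapping):
    return ", ".join(f"{user} ({', '.join(sorted(apps))})" for user, apps in sorted(mapping.items())) or "-"


def report(text):
    """Parse, audit, and render a short text summary."""
    result = audit_mfa(parse_log(text))
    lines = ["app            strong-MFA adoption"]
    for app, rate in sorted(result["adoption"].items()):
        lines.append(f"{app:<14} {rate:6.0%}")
    lines.append("no second factor: " + _accounts(result["no_mfa"]))
    lines.append("SMS only        : " + _accounts(result["weak_mfa"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Counting only successful sign-ins is deliberate: a failed attempt without a second factor may simply be a wrong password, and it would inflate the "no MFA" list. The per-application table is what makes the "partial MFA" gap visible; in the sample, the HR portal has a 0% adoption rate, which is the kind of application the talk warns gets left out when MFA is rolled out only to a few critical systems.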
Conclusion
Cybersecurity isn’t about chasing the latest trends—it’s about doing the basics consistently and effectively. The most impactful security measures are often the least glamorous but have the greatest return on investment.
Organizations that focus on fundamental cyber hygiene will see significant improvements in their security posture, reducing their risk exposure to the most common cyber threats.
For more insights on this topic, watch the full webcast at the YouTube link above.