
Cybersecurity Is Not a Light Switch

Nitin Natarajan

In today’s threat landscape, defending against nation-state actors and cybercriminals is more important than ever. The global cybersecurity environment is increasingly complex, with adversaries moving more quickly to exploit newly disclosed vulnerabilities, target cloud services and user identities, and use ransomware, extortion, and disruptive attacks to pressure organizations of every size. This is even more critical during times of geopolitical conflict, natural disaster, or other crises where our adversaries may think we have taken our eyes off the ball. Over the last several years, small and medium-sized businesses and governments have become common targets for our adversaries. Even sectors such as healthcare, water utilities, schools, and other critical infrastructure are no longer off-limits. These organizations are often already facing challenges in staffing and resources to adequately protect their systems and networks. These challenges are magnified by the dependence on third-party systems and the risks associated with incomplete third-party security assessments and re-assessments. As attackers increasingly combine phishing, credential theft, software exploitation, and supply-chain intrusion techniques, even a single weak point can create operational, financial, and reputational consequences across an organization and its partners.

While asking small organizations to protect themselves against well-resourced nation-states and cybercriminal enterprises seems practically unfair, there are several basic steps that organizations can take to strengthen their cyber defenses. Government entities have created lists of impactful no-cost and low-cost steps that organizations can take to strengthen their cyber resilience, such as CISA’s guidance to small and medium-sized businesses, FBI’s Winter SHIELD initiative, Australian Cyber Security Centre’s Essential Eight, and NIST’s Small Business Cybersecurity Corner.

The marketplace for solutions and services for small and medium-sized organizations has also grown over the last few years. More vendors now tailor tools specifically to these audiences, including managed detection and response, network anomaly detection, email security, endpoint protection, secure backup, identity and access management, and vulnerability management offerings that are simpler to deploy and maintain than traditional enterprise platforms. These tools are often easier to use, geared towards organizations that may not have deep technical expertise, and priced more economically than larger enterprise solutions. In many cases, security features that were once available only to large organizations are now bundled into common business software and cloud services, making it more practical for smaller organizations to improve baseline security without building a large internal team. This includes network detection capabilities that have traditionally been out of reach for smaller organizations. Purpose-built commercial tools are now making that same class of detection more accessible, without the operational complexity that once made enterprise network detection and response (NDR) impractical for teams without dedicated security staff.

AI has also made it easier to monitor networks, identify suspicious activity, and prioritize potential remediation actions. When evaluating AI solutions for your organization, prioritize tools that ensure data privacy, offer user-friendly interfaces, and maintain transparency by clearly explaining the reasoning behind their recommendations. For network monitoring specifically, look for tools whose AI establishes a baseline of what normal traffic looks like for your specific environment rather than relying solely on static threat signatures. Threats like lateral movement, data exfiltration, and command-and-control activity produce behavioral patterns in network traffic that rules-based tools can miss. AI that learns your network’s normal patterns can surface those anomalies earlier and with more relevant context. Also consider whether the tool processes data locally or sends traffic to an external platform for analysis, as this has direct implications for data privacy and regulatory exposure. Organizations should also consider how AI tools handle sensitive business information, whether they integrate well with existing systems, and whether there is appropriate human oversight to validate alerts and recommended actions before taking major operational steps.
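To make the baseline-versus-signature distinction concrete, here is an added example that is not from the article and does not represent any vendor's product. It uses a plain statistical baseline (per-host mean and standard deviation, scored as a z-score) rather than a learned model, which is enough to show the principle. All host names, traffic figures and the blocklist entry are constructed sample data, and the seven-day history is deliberately short; a production NDR baseline would also account for time-of-day and weekly seasonality and would use more robust statistics.

```python
"""Behavioral baseline vs. static signature for outbound network traffic.

Added illustration, not code from the article. All data is constructed:
two hosts, seven days of per-host daily summaries, and one 'today'
observation per host. Each daily summary records
  bytes_out       total bytes sent outside the network
  unique_dst      number of distinct external destinations contacted
  internal_peers  number of distinct internal hosts this host connected to
"""
import statistics

METRICS = ("bytes_out", "unique_dst", "internal_peers")

# Constructed seven-day history: (bytes_out, unique_dst, internal_peers).
HISTORY = {
    "ws-finance-01": [
        (48_000_000, 31, 2), (52_000_000, 28, 2), (45_000_000, 33, 3),
        (50_000_000, 30, 2), (47_000_000, 29, 2), (53_000_000, 32, 3),
        (49_000_000, 30, 2),
    ],
    "ws-eng-07": [
        (310_000_000, 74, 4), (295_000_000, 80, 5), (330_000_000, 71, 4),
        (305_000_000, 77, 4), (320_000_000, 73, 5), (300_000_000, 79, 4),
        (315_000_000, 75, 4),
    ],
}

# Constructed "signature": a static blocklist of known-bad destination names.
BAD_DESTINATIONS = {"known-bad.example"}

# Constructed observations for the day under review. The finance workstation
# pushes ~50x its usual outbound volume to a single ordinary-looking service
# (an exfiltration-like pattern); the engineering workstation talks to ~40
# internal peers instead of its usual 4 or 5 (a lateral-movement-like pattern).
TODAY = {
    "ws-finance-01": {"bytes_out": 2_400_000_000, "unique_dst": 35,
                      "internal_peers": 2, "destinations": ["cloud-storage.example"]},
    "ws-eng-07": {"bytes_out": 312_000_000, "unique_dst": 76,
                  "internal_peers": 41, "destinations": ["repo.example"]},
}


def build_baseline(history):
    """Per host and per metric, compute (mean, sample stdev) over the history."""
    baseline = {}
    for host, rows in history.items():
        columns = zip(*rows)  # one column per metric, in METRICS order
        baseline[host] = {
            name: (statistics.mean(col), statistics.stdev(col))
            for name, col in zip(METRICS, columns)
        }
    return baseline


def zscore(value, mean, stdev):
    """Standard score; a zero-variance baseline treats any change as extreme."""
    if stdev > 0:
        return (value - mean) / stdev
    return 0.0 if value == mean else float("inf")


def signature_alerts(today):
    """Rules-based check: alert only if a destination is on the blocklist."""
    return {host for host, obs in today.items()
            if any(dst in BAD_DESTINATIONS for dst in obs["destinations"])}


def baseline_alerts(today, baseline, threshold=3.0):
    """Behavioral check: alert when a metric sits more than `threshold`
    standard deviations above that host's own historical mean."""
    alerts = {}
    for host, obs in today.items():
        reasons = []
        for metric, (mean, stdev) in baseline[host].items():
            z = zscore(obs[metric], mean, stdev)
            if z > threshold:
                reasons.append(f"{metric}={obs[metric]} "
                               f"(z={z:.1f}, baseline mean {mean:.0f})")
        if reasons:
            alerts[host] = reasons
    return alerts


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(TODAY) or "none")
    for host, reasons in baseline_alerts(TODAY, build_baseline(HISTORY)).items():
        print(f"baseline alert for {host}:")
        for reason in reasons:
            print("   ", reason)
```

Run as written, the blocklist raises nothing, because neither destination is "known bad", while the baseline flags the finance workstation on outbound volume and the engineering workstation on internal peer count, and leaves the modest rise in unique destinations alone. Those two flagged deviations are the behavioral signals the paragraph describes for exfiltration and lateral movement; the threshold and the metrics chosen are the tuning knobs a tool would expose, and the per-host reasons are the kind of explanation the paragraph asks an AI tool to provide.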

I often say that there is a role in cybersecurity for everybody, and we need everybody to play their role. Whether you are a user or responsible for cybersecurity in your organization, there are steps you can take every day to build your resilience against cyberattacks. Do not look at the issue as a light switch that is either on or off, but rather as a bank of dimmer switches where you are moving at least one switch in the upward direction daily. Over time, you will build resilience across your enterprise, make it harder for our adversaries to conduct successful attacks, and minimize the impact of any attacks that do occur.

Nitin Natarajan, Former Deputy Director, CISA

Guy Howard, Chief AI Engineer, IntelliGenesis LLC