Russell Safirstein, Redpoint: “coming back from a breach is a heavy lift”
As businesses switched to remote work, the need for stronger protection measures grew. Working from home gave cybercriminals a bigger attack surface, because employees use home devices and connect over different networks.
Companies of any size can be attacked by cyber felons and can experience threats such as a data breach. A breach can result in major financial losses or a ruined brand reputation.
For regular users, various cybersecurity solutions, such as Virtual Private Networks (VPNs), exist. However, companies are in need of more complex measures, including Cyber Breach response, Proactive Cyber, and Cloud Security services.
That’s why we invited Russell Safirstein, the CEO of Redpoint, a company that specializes in such cybersecurity solutions, to discuss what they are and their benefits.
Tell us about your story. How did Redpoint originate?
In 2017, Anchin had a vision and understood where digital risk and cyber were going and created Redpoint Cybersecurity to bolster its advisory services. By 2019, Anchin identified that Redpoint hadn’t reached its potential as a security engineering firm. The firm’s leadership asked me to reshape what Redpoint 2.0 was going to be.
The first step was visualizing what was going to make Redpoint stand out in a crowded market. Redpoint’s “Military Grade Cyber” put a human-led, technology-enabled workforce in play with an offensive-focused market mindset toward the breach response field delivering services to our clients and partners. Our team’s expertise spans the defense, intelligence, and Fortune 500, providing commercial and government clients with cutting-edge solutions to fight emerging cyber threats. For example, we now “Hunt the Hunter®.”
Can you tell us a little bit about what you do? What challenges do you help navigate?
We service three core clients – the company that got breached, the cyber insurance carrier, and the data privacy law firms. Our biggest challenge is balancing the needs of all three parties. Redpoint Cyber services focus on three core areas: Breach Response Services, Redpoint Lab, and Cyber Risk Advisory.
Breach Response Services are best equated to a highly skilled fire department. As organizations are attacked, they need experts in a number of technical disciplines to assist them and the various parties who are engaged to address the incident. We work closely with breach counsel, attorneys who are experts in data privacy and breach notification laws, often called “breach coaches,” who use our highly-trained forensic experts to identify if data and information were stolen. Many of our clients are covered by cyber insurance, so our team works with various claims and underwriting teams to minimize their risk and exposure. The end client typically needs triage and investigative support early on that requires various tools to monitor and assess the networks. Our team is also part of getting end clients back up to a steady state – meaning rebuilding networks and systems under a very tight timeline. The bottom line is that we’re a comprehensive delivery company.
Redpoint Labs is where we developed our “Hunt the Hunter” strategy. Threat hunting is critical to identify not only indicators of compromise but also persistence mechanisms that threat actors use to maintain footholds before the actual attack. Also, the Redpoint Labs team has several ethical hackers onboard who regularly perform penetration tests and provide threat intelligence to our clients so that they can react proactively to the current threat landscape. This is also where our team is actively developing cutting-edge tools.
As companies navigate digital transformation, new business models, regulation, and the evolving risk and threat landscape, unique risks and cyber vulnerabilities are now the norm. Redpoint can prepare an organization to quickly adapt to these changes and take action to defend against the threats.
Cyber Risk Advisory Services team members assist clients in assessing their security program maturity, where they stand in relation to regulatory compliance and corporate governance best practices, virtual CISO roles, and digital transformation efforts, such as cloud migrations.
What does the recovery process after an incident usually look like?
The reason people chose Redpoint is that we’re a comprehensive delivery company. We make sure that the organization resumes work and that the insurance carrier can limit its exposure for business interruption and the breach counsel can properly assess the nature and extent of the breach and any related disclosure notifications. Most of the companies in our industry provide subsets of these services. What makes us unique is that we provide the whole range of services.
Coming back from a breach is a heavy lift. We typically go from not knowing a client to having to jump into the fire almost immediately. Here’s a common example:
How do you think the pandemic influenced the ways in which threat actors operate?
First, the threat vectors have totally changed due to the pandemic. The work from home (WFH) and hybrid model have decentralized the technology footprint that IT organizations need to address. Secondly, the need to preach vigilance as the “human factor” is critical. Our use patterns have changed and there was a significant increase in business email compromises as employees were too quick to click a link or became too trusting. Thirdly, the growth and ease of the rise of threat actors. Easy money and ransomware as a service have continued to build the threat actor community significantly.
In the age of frequent cyberattacks, do you think small businesses and big enterprises require the same security measures?
Yes – whether you’re big or small, you must fight off complacency. Threats continue to get more serious, so technology has to continue developing, and people have to constantly be trained on best practices. The best basic security practices are common throughout all industry types. We have released the “Essential 8” which outlines the foundation of security practices. Good cyber hygiene includes regularly changing your password to something complex and having multi-factor authentication, even on your personal accounts and devices.
In your opinion, what are the worst cybersecurity habits that make companies attractive targets for hackers?
The prevalence of attacks against small and midsize businesses has risen greatly over the last few years. They are easy targets, as they often don’t have the most basic security controls in place. Even large companies don’t often update their systems in a timely manner. Large and small companies need to regularly assess their cyber risk postures and adjust their budgets accordingly.
Cybersecurity is a journey, and the target is constantly moving. Our team focuses on providing regular and ongoing security checkups as well as offensive operations.
You often emphasize the importance of proactive threat hunting. Can you briefly describe this practice?
Active threat hunting is critical for organizations. Each week brings headlines that highlight massive data breaches. The one thing they all have in common is the victim’s dependency on the same old layers of security. At Redpoint, we’ve developed Hunt The Hunter®. Offensive cybersecurity strategies preemptively identify vulnerabilities and security weaknesses before an attacker exploits them. Offensive cybersecurity teams actively test the network’s defenses and provide valuable insights into an organization’s cybersecurity posture.
What new threats do you think the public should be ready to take on in the next few years? What security tools should be implemented?
There are two major areas of concern. Legacy systems and the public sector vulnerability are both areas of concern. So many times we go into an organization that has been compromised and find their asset inventory has many “end of life” machines, such as Windows 7 or servers. Why? “We were going to get to it” or similar excuses are given. Budgets, overworked IT workers, and remote work all impact these vulnerabilities. The same is often true in the public sector.
Tools and tactics need to be implemented to thwart the constantly changing cyber threats. Nearly every day we hear about new (and old) types of attacks. As long as it’s profitable and disruptive, the attacks will continue.
Share with us, what’s next for Redpoint?
Preventing cybersecurity breaches is a major U.S. problem. During the first half of 2021, there were 227 million attacks according to reputable reports. The next largest country was the UK with 14 million. We’re a target. We have to do it together.
Redpoint intends to take a leadership position and work with our partners and clients to develop the best and most advanced strategies. We must be proactive and offensively minded. Redpoint’s future is bright. As we expand into new services, both commercial and governmental, we have a powerful team and excellent partners to get us there. My role is to bring that vision to light, build stronger partner relationships, and continue to hire the best and the brightest talent.