Expert Profile: Christopher Glyer

Leading with identity-focused solutions including enforcing multifactor authentication (MFA), adopting passwordless solutions, and creating conditional access policies for all users dramatically improves protection for devices and data, particularly as hybrid work continues to create scenarios where remote access, user roles, and physical locations vary. These solutions help organizations better control access to business-critical information and identify potentially anomalous activity.

The point is to place a higher security premium on identity, which in turn lets you tighten access privileges linked to those stronger authentications, minimizing the risk of an unauthorized login having unchecked consequences, Glyer explains.

“Attackers are always raising the bar,” Glyer adds. “Fortunately, there are a lot of tools organizations can leverage as they conduct tabletop or red team exercises that may reveal gaps or limitations in their identity and other security controls.”

Glyer says a focus on finding weaknesses in identity is a common attack tactic shared by many threat actors, cybercriminals, and nation-state actors, alike.

“If you look at a more macro trend over time, nation-states are going to leverage cyberattacks for espionage more frequently,” he explains.

“I think you’re going to see the number of players involved leveraging these capabilities continue to rise, because the intelligence gains are potentially quite large, versus the cost of executing these attacks. Having secure identity protections, whether it’s MFA, passwordless, and other defenses like conditional access policies, minimize that opportunity and make it much harder to raise the attack bar. Securing those identities is key.”