Highground Cyber: Redefining Cybersecurity and Privacy for SMBs

Highground Cyber

Ken Barnhart, Founder & Principal, Highground CyberKen Barnhart, Founder & Principal
The operational needs of Small and Mid-Market Businesses (SMBs) differ from large enterprises, so do their security and privacy requirements. To put things in perspective, cybersecurity and privacy for SMBs are not just scaled-down versions of programs designed for enterprises and governments. Instead, they are a carefully crafted solution that can handle their specific needs while empowering organizations to mitigate security and privacy bottlenecks.

Serving as a cybersecurity expert for several years, Highground Cyber is uniquely positioned to address this need. Since its inception, the company has been driven by its mission to help SMBs protect their most valuable assets and strengthen their ability to respond to adversity. As a result, team Highground Cyber offers a unique, result-driven approach, where they create action through awareness, protection through partnership, and resilience through reinforcement.

In an interview with CIO Applications, Ken Barnhart, the Founder and Principal at Highground Cyber, shares his insights on how the company leverages its expertise to provide exceptional cybersecurity solutions to clients.

Can you elaborate on Highground Cyber’s unique approach to cybersecurity?

Our approach to cybersecurity has been “reimagined and redesigned” for SMBs. Owing to their need to combat persistent and pernicious cyber threats, SMBs require access to a wide array of skills and technologies. However, they often find themselves in a tough spot when it comes to affording them. To this end, we fractionalize the people, process, and technology into a pre-integrated package designed to work together from day one.

My military experience spurs the inception of this proactive approach. My perspective on cybersecurity is heavily influenced by the time spent serving in the United States Marine Corps during Operations Desert Shield and Desert Storm. While serving in the Gulf, I learned invaluable lessons on the nature of warfighting and operating effectively in a combat environment. These lessons are applicable to the current cyber-war being waged against SMBs. As a result, we need different strategies and tactics and have to reorganize our capabilities. We need to be more proactive and less reactionary. We need to win!

In the light of your experience, what makes cybersecurity increasingly complex and costly for SMBs?

Threat actors are now more capable and sophisticated than ever before. Their greatest advantage is the speed at which they exploit change. Additionally, the Covid-19 pandemic has exacerbated two challenges that were already proving difficult.

The first challenge remains the Cyber Talent Gap. The research found that the cybersecurity industry lost as much talent as it added from the talent pipeline. The added workloads and stress of the pandemic worsened the attrition problem. Consequently, the SMB is dangerously dependent on MSPs, tool vendors, and their VARs for access to cyber talent.

This challenge is the driving force behind the second major issue—more than 50,000 security tool vendors are selling the “silver bullet” solution to every cybersecurity problem, perpetuating the myth of a technology-centered path to victory. Technology alone will never win this fight.

For instance, imagine a military-acquired advanced fighter aircraft deployed to a combat environment without pilots, ground crew, or security forces. How valuable would those fighters be? Wouldn’t the aircraft be effectively useless despite being highly advanced?

Automation and artificial intelligence have a role to play, but technology is only as good as the people who deploy and support it.

For example, our client assessments regularly prove the adage that, “a fool with a tool is still a fool.” The number of environments and systems we find with default passwords and vulnerable configurations is staggering. According to research, 97 percent of cloud systems audited are improperly configured, and over 67 percent of network security systems have vulnerable configurations.

Despite the emerging cybersecurity technological landscape, what leads to the increased vulnerabilities in SMBs?

I think the answer comes back to the cyber talent gap. The SMBs lack access to CISOs and Security Architects. Consequently, there is a lack of coherent strategy and security architecture, so the SMB invests in all these disparate systems that have no interoperability. In fact, according to Cisco research, the average SMB has over a dozen security tools. Because of this, many organizations stumble into a systems integration nightmare, and very few have the experience to rationalize, deconflict, operationalize and train staff on a portfolio of 20+ security tools. At best, this creates a false sense of security. At worst, it creates alert fatigue and staff turnover.

How did the pandemic escalate the challenges?

Three words: Governance, Risk, and Compliance.

Research found that management teams responded to the Covid-19 pandemic with three strategies: rapidly pivoting to work-from-anywhere, accelerating cloud platform adoption, and decentralizing IT away from the corporate HQ. These three responses created seismic shifts in when, where, and how people get work done.

We fractionalize the people, process, and technology into a pre-integrated package that is designed to work together from day one

As SMBs sent workers home to their kitchen tables and spare bedrooms with corporate assets, the C-Suite turned to their IT Manager or MSP and asked this question: how do we keep people working? But in the enterprise space where the GRC teams are more established and experienced, the CISO and CIO got to work answering two additional questions: how do we secure these new workflows, and how do we manage the risk and compliance of this new reality?

According to a recent survey, 52 percent of enterprise organizations are investing heavily in their GRC automation and integration capabilities. Conversely, most SMBs just keep buying whatever security tools their vendors are pitching, doubling down on things like multi-factor authentication, endpoint security, and enhanced detection and response. A recent IDC report showed that breaches and financial losses are rising faster than record spending on security technology. Clearly, this isn’t a winning strategy.

What makes Highground Cyber’s strategy the right fit to mitigate these challenges?

Highground Cyber utilizes a one-two punch combination — Ridgeline and the Virtual Red Team (VRT)—to solve these challenges. The VRT is a bench of cybersecurity professionals who guide you through the implementation of a comprehensive and robust cybersecurity and privacy program. These professionals are available to you on a fractional basis, meaning that their diligent and thorough services cost less than one full time employee. Ridgeline is a multipurpose, web-based tool that draws inspiration from Marine Corps operating doctrine, functioning as a selfcontained Combat-information-center for the SMB. It serves as the primary conduit through which you interact with the VRT; it houses a collection of automated workflows that streamline operations; and finally, it serves as a reporting engine that monitors program health at the strategic and tactical levels. This one-two punch combination is referred to as the Highground Advantage, and it ensures SMBs have everything they need and nothing they don’t. Our results speak for themselves. Partners see an average reduction of 90 percent in their attack surface, an 85 percent reduction in the number of failed phish tests, and information security frameworks are deployed in half the projected time. Additionally, not one of our partners has fallen victim to a zero-day attack in 2020 or 2021. Let us help you get to high ground.

Read Also



Featured Vendors