All credentials are NOT created equal

In this edition of Security Sessions, we discuss company credentials (usernames, passwords) and how hackers are going for the Holy Grail - privileged account access - to gain access to corporate data.


A lot of effort goes into a company’s perimeter security - making sure that the bad guys don’t get into the network. But as we’ve seen, security isn’t 100% perfect 100% of the time - once the bad guys get in (through phishing or malware), it becomes easier for them to move around and go for the good stuff - the root-level credentials for IT admins and other high-value roles.

In the latest episode of Security Sessions, I spoke with John Worrall from CyberArk about the different types of credentials, how hackers can get around once they’re inside the network, and where strong passwords and multi-factor authentication make the most sense.

Among the highlights of the video are the following sections:

00:50 A description of privileged accounts and why they’re not created equal.

2:25 Examples of high-profile data breaches where privileged accounts were stolen and used by hackers.

3:18 How hackers use privileged credentials to move around the network once they’ve gotten in through other methods.

4:17 Protecting credentials through stronger passwords - is this helping (long passwords) or hurting (Post-It Note syndrome) a company’s security strategy?

5:26 The role of multi-factor authentication and why we’re not seeing this at more companies.
