All credentials are NOT created equal

In this edition of Security Sessions, we discuss company credentials (usernames, passwords) and how hackers are going for the Holy Grail - privileged account access - to gain access to corporate data

iphone apple fbi passcode

A lot of effort goes into a company’s perimeter security - making sure that the bad guys don’t get into the network. But as we’ve seen, security isn’t 100% perfect 100% of the time - once the bad guys get in (through phishing or malware), it becomes easier for them to move around and go for the good stuff - the root-level credentials for IT admins and other high-value roles.

In the latest episode of Security Sessions, I spoke with John Worrall from CyberArk about the different types of credentials, how hackers can get around once they’re inside the network, and where strong passwords and multi-factor authentication makes the most sense.

Among the highlights of the video are the following sections:

00:50 A description of privileged accounts and why they’re not created equal.

2:25 Examples of high-profile data breaches where privileged accounts were stolen and used by hackers.

3:18 How hackers use privileged credentials to move around the network once they’ve gotten in through other methods.

4:17 Protecting credentials through stronger passwords - is this helping (long passwords) or hurting (Post-It Note syndrome) a company’s security strategy?

5:26 The role of multi-factor authentication and why we’re not seeing this at more companies.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.