A lot of effort goes into a company’s perimeter security - making sure that the bad guys don’t get into the network. But as we’ve seen, security isn’t 100% perfect 100% of the time - once the bad guys get in (through phishing or malware), it becomes easier for them to move around and go for the good stuff - the root-level credentials for IT admins and other high-value roles.
In the latest episode of Security Sessions, I spoke with John Worrall from CyberArk about the different types of credentials, how hackers can get around once they’re inside the network, and where strong passwords and multi-factor authentication make the most sense.
Among the highlights of the video are the following sections:
00:50 A description of privileged accounts and why they’re not created equal.
2:25 Examples of high-profile data breaches where privileged accounts were stolen and used by hackers.
3:18 How hackers use privileged credentials to move around the network once they’ve gotten in through other methods.
4:17 Protecting credentials through stronger passwords - is this helping (long passwords) or hurting (Post-It Note syndrome) a company’s security strategy?
5:26 The role of multi-factor authentication and why we’re not seeing this at more companies.