Hi, what are you looking for?
Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the password dependency cycle. But how can this be done?
By
Flipboard
Reddit
Pinterest
Whatsapp
Whatsapp
Email
The world has been taught numerous life lessons over the last couple of years, but it’s clear that millions of people still haven’t learned one of the most basic when it comes to security. A report from NordPass has revealed that millions of people still haven’t broken the habit of using easy-to-remember, but easy-to-hack passwords. Of the 200 most common passwords, ‘password’ took the number one spot, but unfortunately for the more than four million people using it, it can be broken in less than a second. Other popular passwords included ‘guest’ and the ever-so-creative ‘123456’. When it comes to breaches, all roads still lead to identity. Hackers don’t hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the password dependency cycle. But how can this be done?
Typically, hackers seek the path of least resistance and target the weakest link in the cyber defense chain ― humans. Consequently, most of today’s data breaches are front-ended by credential harvesting campaigns, followed by credential stuffing attacks. Once inside, hackers can fan out and move laterally across the network, hunting for privileged accounts and credentials that help them gain access to an organization’s most critical infrastructure and sensitive data. In fact, a study by the Identity Defined Security Alliance (IDSA) reveals credential-based data breaches are both ubiquitous (94% of survey respondents experienced an identity-related attack) and highly preventable (99%).
Today’s economic climate exacerbates these cyber risks, and the impact of the COVID-19 pandemic has led to an acceleration in digital transformation and technical change that will further stress-test organizations’ dependency on passwords. This creates new challenges in minimizing access-related risks across traditional datacenters, cloud, and DevOps environments. As a result, organizations need to look beyond usernames and passwords when it comes to granting access to valuable data and critical systems. While employee education and training can help, what’s needed are additional measures to ensure secure access…which is what Zero Trust Network Access (ZTNA) provides.
ZTNA solutions create an identity- and context-based, logical access boundary around an application or a set of applications. Access is granted to users based on a broad set of factors, for instance, the device being used, as well as other attributes such as the device posture (e.g., if anti-malware is present and functioning), time/date of the access request, and geolocation. Upon assessing the contextual attributes, the solution then dynamically offers the appropriate level of access at that specific time. As there is a constant change in the risk levels of users, devices, and applications, access decisions are made for each individual access request.
Roadmap to Success
When it comes to implementing emerging technologies like ZTNA, it is always important to listen to the early adopters, as they can provide insights into key factors to success and help avoid pitfalls. Organizations that have recently adopted ZTNA report the following key factors were critical to their success:
While there are a variety of paths to break the dependency on passwords, ZTNA allows organizations to minimize their attack surface while ensuring the productivity of their remote workforce.
Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers.
Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make for successful board members.
A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.
Tips for making a presentation that will help improve the state of security programs and reflect favorably on the presenters and their companies
XDR’s fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture
Flipboard
Reddit
Pinterest
Whatsapp
Whatsapp
Email
NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.
Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December…
Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet
Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,…
Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.
Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).
Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to…
Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50…
Got a confidential news tip? We want to hear from you.
Reach a large audience of enterprise cybersecurity professionals
Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.
Copyright © 2023 Wired Business Media. All Rights Reserved.