Aberdeen’s model demonstrates that proactively managing privileged access quantifiably reduces the risk of a data breach by up to 80%.
One of the common characteristics of many Silicon Valley companies is the singular goal of getting to an exit. But another common thread is the low value these companies give to IT security.
Stolen passwords are the leading cause of hacking-related data breaches. To discuss what can be done to mitigate this security vulnerability, Identity Week spoke with Steve Tout, CEO of VeriClouds.
Two years removed from the announcement of the attack, we can now take a look at the lessons we learned from the OPM data breach.
Cyber intruders now use in-country assets to mask their location, making attribution challenging. If the state actor has a grudge that they want to air, then they will use their own addresses to get their message across to the company and government.
The problem is not with the employees or IT itself. It’s with the CEO and Board of Directors who are not aware of risks and the solutions that can minimize consequences in the cyber security space.
The lesson from the Panama Papers leak is that it is up to the client to inspect the cyber warfare capabilities of their law firm. If there is little to show, then they should consider their confidentiality blown.
Cyber security programs have, for the most part, been wall-building exercises. IT security leaders and practitioners have posited that if we prevent the punks and professional bad guys from breaching the walls, then the rest is less important. That may have been the case a decade ago, but the era of mobile, cloud, constant access, and apps everywhere has turned the walls into sieves...
We’ll likely never eliminate all security threats, but with a sound, layered cyber security approach we can reduce their impact. And when it comes to mitigating the risks of negligent insiders, organizations need to move beyond basic IT security training and look for ways to limit the damage.
Criminal hackers and nation-state attackers don’t care what time of year it is. They won’t respect your IT freeze, so continuous security improvement and continuous compliance need to occur 365 days a year. Besides, if a retailer’s existing security solution is taking years to implement, perhaps they need to discard that product rather than stopping and starting a security project based solely on the time of year.