Yesterday we reported on the Microsoft email service hack which went on for three months with notice coming to user only this month. Users who had email accounts from @msn.com, @hotmail.com, and @outlook.com were affected by the hack. According to Microsoft, the hack occurred between January 1st and March 28th of this year.

Microsoft did say that email login credentials were not directly impacted by the breach but they do suggest a password change for those who were impacted. Breaches such as this often stir up what good security practices look like and the folks over at Centrify believe that Zero Trust Privilege is the way to go for enterprise users. Andy Smith is the VP of marketing at Centrify and he provided this statement expanding on the company’s thoughts:

Cyber attackers long ago discovered that the easiest way to gain access to sensitive data is via weak, default or otherwise compromised credentials. In fact, a recent Centrify study found that privileged credential abuse is involved in almost three out of every four breaches.

Privileged account access provides cyber adversaries with the “keys to the kingdom” and a perfect camouflage for their data exfiltration efforts. FireEye’s annual M-Trends report says the global median dwell time that attackers remain undiscovered in your network is 101 days. Organizations have to assume that bad actors are in their networks already, which is why the recent groundswell around Zero Trust is gaining momentum.

Simple static passwords are not enough, especially for sensitive company data. Now is the time to move to a Zero Trust approach, powered by additional security measures such as multi-factor authentication (MFA), to stay ahead of the security curve.

With static passwords, how are you supposed to know if the user accessing data is the valid user or just someone who bought a compromised password from the 21 million that were revealed in the Collections #1 breach? You cannot. You can’t trust a static password anymore; MFA is the lowest hanging fruit for protecting against compromised credentials.

Zero Trust Privilege helps enterprises grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

A Zero Trust Privilege stance ensures all access to services must be authenticated, authorized and encrypted. Zero Trust Privilege can help companies avoid becoming the next breach headline, including the damage to brand, customer loss, and value degradation that typically comes with it.

Andy Smith VP marketing at Centrify


There’s no doubt that security is a huge deal these days and enterprise users need to consider all of the options. Protecting enterprise assets and user assets is more important than ever and perhaps ZTP is the way?

What do you think? Let us know in the comments below or on Twitter, or Facebook. You can also comment on our MeWe page by joining the MeWe social network.





READ SOURCE

SHARE

LEAVE A REPLY

Please enter your comment!
Please enter your name here