Expert Comments On Microsoft Bug Shows Importance Of Zero Trust

A recently revealed bug in Microsoft’s login systems shows how dangerous trusting known vendors can be for enterprise cybersecurity. Though many employees are wary of emails from unfamiliar sources, hackers can just as easily create fake websites or emails that imitate trusted apps or companies. Combined with single sign-on for third-party websites, victims can reveal confidential information without any idea of the danger.

Sudhakar Ramakrishna
InfoSec Expert
December 4, 2019 2:16 pm

Vulnerabilities such as the Microsoft login bug illustrate the need to advance Zero Trust access capabilities in the enterprise. While companies have attempted to inform employees not to click on suspicious emails, hackers are circumventing this awareness by exploiting flaws in trusted apps or by creating fraudulent websites that mimic trusted entities. Victims can expose their login credentials simply by visiting a fake website or clicking a seemingly innocuous link from a trusted source, allowing hackers to access their accounts without them ever realizing – in this case, capturing Microsoft access tokens. With Zero Trust, the enterprise can increase user and device verification, and add additional authentication factors depending on the context of the request, to prevent hackers with stolen credentials from accessing secured systems even with a credible login. Zero Trust also requires continuous re-verification of all users, applications and devices, so even “trusted” sources are consistently vetted, thereby making it significantly more difficult for hackers to successfully imitate an app or user.

Last edited 2 years ago by Sudhakar Ramakrishna