Cybersecurity Experts On CISA Announcement On Hackers Bypassing MFA To Access Cloud Services

As part of our “dot your expert comments” series, cybersecurity experts reacted below on the removal of Chris Krebs as Director of CISA. A Change.org open letter thanking Christopher Krebs for his service is at: https://www.change.org/chriskrebs.

Experts Comments

November 18, 2020
Chloé Messdaghi
VP of Strategy
Point3 Security
The dismissal of Christopher Krebs as Director of the Cybersecurity and Infrastructure Security Agency is political, surreal, and disheartening. We in the cybersecurity community are deeply committed to identifying and preventing or blocking all threats to the best of our ability, including misinformation and disinformation. Chris Krebs and the CISA team have done a singularly brilliant job, and done it transparently, under what has been one of the most divisive and fraught election cycles in.....Read More
The dismissal of Christopher Krebs as Director of the Cybersecurity and Infrastructure Security Agency is political, surreal, and disheartening. We in the cybersecurity community are deeply committed to identifying and preventing or blocking all threats to the best of our ability, including misinformation and disinformation. Chris Krebs and the CISA team have done a singularly brilliant job, and done it transparently, under what has been one of the most divisive and fraught election cycles in our Country’s history. CISA's role was to be the organization that works closely with all stakeholders - industry, public sector and the American people – and to help keep the US ahead of cybersecurity threats, both those in the form of attacks and of misinformation campaigns. Chris and the team have done a brilliant job in protecting this Country, and fully realized that their jobs were at potential risk for doing so. Many in the cybersecurity community are deeply disappointed and more than a bit nervous.  Read Less
January 15, 2021
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin

Security culture and maintaining security consciousness with your entire organization and/or end-users is critical not just for identifying and responding to security threats but following security processes. Access control processes of provisioning and de-provisioning are great examples that need conscious focus and attention to ensure only those that have a business requirement for access have access and their access is approved, reviewed and monitored per the access control principles of

.....Read More

Security culture and maintaining security consciousness with your entire organization and/or end-users is critical not just for identifying and responding to security threats but following security processes. Access control processes of provisioning and de-provisioning are great examples that need conscious focus and attention to ensure only those that have a business requirement for access have access and their access is approved, reviewed and monitored per the access control principles of authentication, authorization and assurance principles.

  Read Less
January 15, 2021
Eyal Wachsman
CEO
Cymulate

User authentication and credentials have become the new enterprise security perimeter, and with many working remotely and accessing cloud services, they have become a lucrative target for attacks. Pass-the-Cookie attacks require a successful breach of the end user's workstation, and whether they are a personal device or an organization’s, assets have become a headache to secure for CISOs. They are challenged to enforce patching on these workstations and detection systems are blindsided with

.....Read More

User authentication and credentials have become the new enterprise security perimeter, and with many working remotely and accessing cloud services, they have become a lucrative target for attacks. Pass-the-Cookie attacks require a successful breach of the end user's workstation, and whether they are a personal device or an organization’s, assets have become a headache to secure for CISOs. They are challenged to enforce patching on these workstations and detection systems are blindsided with partial visibility leaving them extremely vulnerable. Adding to the mix are well crafted Spear Phishing attacks that introduce malware or steal credentials through social engineering. To prevent these attacks companies need to increase security awareness to phishing attempts, employees should logout from cloud services when they are not using them and the services should be set to automatically kill sessions that are inactive, even for short periods of time. Becoming aware of your security posture is critical to discover and fix the weaknesses they find.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts