Expert Comments

Cybersecurity Experts On CISA Announcement On Hackers Bypassing MFA To Access Cloud Services

Expert(s): ISBuzz Staff
Expert(s): ISBuzz Staff

As part of our “dot your expert comments” series, cybersecurity experts reacted below on the removal of Chris Krebs as Director of CISA. A Change.org open letter thanking Christopher Krebs for his service is at: https://www.change.org/chriskrebs.

Experts Comments

November 18, 2020
Chloé Messdaghi
VP of Strategy
Point3 Security
The dismissal of Christopher Krebs as Director of the Cybersecurity and Infrastructure Security Agency is political, surreal, and disheartening. We in the cybersecurity community are deeply committed to identifying and preventing or blocking all threats to the best of our ability, including misinformation and disinformation. Chris Krebs and the CISA team have done a singularly brilliant job, and done it transparently, under what has been one of the most divisive and fraught election cycles in.....Read More
The dismissal of Christopher Krebs as Director of the Cybersecurity and Infrastructure Security Agency is political, surreal, and disheartening. We in the cybersecurity community are deeply committed to identifying and preventing or blocking all threats to the best of our ability, including misinformation and disinformation. Chris Krebs and the CISA team have done a singularly brilliant job, and done it transparently, under what has been one of the most divisive and fraught election cycles in our Country’s history. CISA's role was to be the organization that works closely with all stakeholders - industry, public sector and the American people – and to help keep the US ahead of cybersecurity threats, both those in the form of attacks and of misinformation campaigns. Chris and the team have done a brilliant job in protecting this Country, and fully realized that their jobs were at potential risk for doing so. Many in the cybersecurity community are deeply disappointed and more than a bit nervous.  Read Less
January 15, 2021
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin

Security culture and maintaining security consciousness with your entire organization and/or end-users is critical not just for identifying and responding to security threats but following security processes. Access control processes of provisioning and de-provisioning are great examples that need conscious focus and attention to ensure only those that have a business requirement for access have access and their access is approved, reviewed and monitored per the access control principles of

.....Read More

Security culture and maintaining security consciousness with your entire organization and/or end-users is critical not just for identifying and responding to security threats but following security processes. Access control processes of provisioning and de-provisioning are great examples that need conscious focus and attention to ensure only those that have a business requirement for access have access and their access is approved, reviewed and monitored per the access control principles of authentication, authorization and assurance principles.

  Read Less
January 15, 2021
Eyal Wachsman
CEO
Cymulate

User authentication and credentials have become the new enterprise security perimeter, and with many working remotely and accessing cloud services, they have become a lucrative target for attacks. Pass-the-Cookie attacks require a successful breach of the end user's workstation, and whether they are a personal device or an organization’s, assets have become a headache to secure for CISOs. They are challenged to enforce patching on these workstations and detection systems are blindsided with

.....Read More

User authentication and credentials have become the new enterprise security perimeter, and with many working remotely and accessing cloud services, they have become a lucrative target for attacks. Pass-the-Cookie attacks require a successful breach of the end user's workstation, and whether they are a personal device or an organization’s, assets have become a headache to secure for CISOs. They are challenged to enforce patching on these workstations and detection systems are blindsided with partial visibility leaving them extremely vulnerable. Adding to the mix are well crafted Spear Phishing attacks that introduce malware or steal credentials through social engineering. To prevent these attacks companies need to increase security awareness to phishing attempts, employees should logout from cloud services when they are not using them and the services should be set to automatically kill sessions that are inactive, even for short periods of time. Becoming aware of your security posture is critical to discover and fix the weaknesses they find.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication...

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Panasonic Becomes Latest Victim Of Data Breach – Security Expert...

Clearview’s £17 Million Fine For Processing 10+ Billion Images Is...

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts