Expert Comments

Cybersecurity Experts On CISA Announcement On Hackers Bypassing MFA To Access Cloud Services

Expert(s):
Expert(s): Published: Last Updated on

As part of our “dot your expert comments” series, cybersecurity experts reacted below on the removal of Chris Krebs as Director of CISA. A Change.org open letter thanking Christopher Krebs for his service is at: https://www.change.org/chriskrebs.

Experts Comments

Dot Your Expert Comments
Chloé Messdaghi
November 18, 2020
VP of Strategy
Point3 Security

Chris Krebs and the CISA team have done a singularly brilliant job.
The dismissal of Christopher Krebs as Director of the Cybersecurity and Infrastructure Security Agency is political, surreal, and disheartening. We in the cybersecurity community are deeply committed to identifying and preventing or blocking all threats to the best of our ability, including misinformation and disinformation. Chris Krebs and the CISA team have done a singularly brilliant job, and done it transparently, under what has been one of the most divisive and fraught election cycles in.....Read More
The dismissal of Christopher Krebs as Director of the Cybersecurity and Infrastructure Security Agency is political, surreal, and disheartening. We in the cybersecurity community are deeply committed to identifying and preventing or blocking all threats to the best of our ability, including misinformation and disinformation. Chris Krebs and the CISA team have done a singularly brilliant job, and done it transparently, under what has been one of the most divisive and fraught election cycles in our Country’s history. CISA's role was to be the organization that works closely with all stakeholders - industry, public sector and the American people – and to help keep the US ahead of cybersecurity threats, both those in the form of attacks and of misinformation campaigns. Chris and the team have done a brilliant job in protecting this Country, and fully realized that their jobs were at potential risk for doing so. Many in the cybersecurity community are deeply disappointed and more than a bit nervous.  Read Less
Niamh Muldoon
January 15, 2021
Senior Director of Trust and Security EMEA
OneLogin

Access control processes of provisioning and de-provisioning are great examples that need conscious focus.

Security culture and maintaining security consciousness with your entire organization and/or end-users is critical not just for identifying and responding to security threats but following security processes. Access control processes of provisioning and de-provisioning are great examples that need conscious focus and attention to ensure only those that have a business requirement for access have access and their access is approved, reviewed and monitored per the access control principles of

.....Read More

Security culture and maintaining security consciousness with your entire organization and/or end-users is critical not just for identifying and responding to security threats but following security processes. Access control processes of provisioning and de-provisioning are great examples that need conscious focus and attention to ensure only those that have a business requirement for access have access and their access is approved, reviewed and monitored per the access control principles of authentication, authorization and assurance principles.

  Read Less
Eyal Wachsman
January 15, 2021
CEO
Cymulate

Pass-the-Cookie attacks require a successful breach of the end user's workstation.

User authentication and credentials have become the new enterprise security perimeter, and with many working remotely and accessing cloud services, they have become a lucrative target for attacks. Pass-the-Cookie attacks require a successful breach of the end user's workstation, and whether they are a personal device or an organization’s, assets have become a headache to secure for CISOs. They are challenged to enforce patching on these workstations and detection systems are blindsided with

.....Read More

User authentication and credentials have become the new enterprise security perimeter, and with many working remotely and accessing cloud services, they have become a lucrative target for attacks. Pass-the-Cookie attacks require a successful breach of the end user's workstation, and whether they are a personal device or an organization’s, assets have become a headache to secure for CISOs. They are challenged to enforce patching on these workstations and detection systems are blindsided with partial visibility leaving them extremely vulnerable. Adding to the mix are well crafted Spear Phishing attacks that introduce malware or steal credentials through social engineering. To prevent these attacks companies need to increase security awareness to phishing attempts, employees should logout from cloud services when they are not using them and the services should be set to automatically kill sessions that are inactive, even for short periods of time. Becoming aware of your security posture is critical to discover and fix the weaknesses they find.

  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Fake App Attacks On The Rise, As Malware Hides In...

Expert On Study That Brits Using Pets’ Names As Online...

Expert Reaction On Europol Publishes Its Serious And Organised Crime...

Fake Netflix App Allows Hackers to Hijack WhatsApp

Hackers Pretend To Be Your Friend In The Latest WhatsApp...

Millions Of Brits Still Using Pet’s Names As Passwords Despite...

Advertised Sites May Appear Genuine On First Glance

Facebook Ran Ads For Malware-ridden ‘Clubhouse for PC’

Linkedin Data Of 500 Million Users Being Sold Online

Experts Comments On Identity Management Day – Tuesday 13th April