expert-profile | Information Security Buzz

Todd Peterson

IAM evangelistfeature_status*/ ?>

One Identity

Comments Dotted : 5

July 16, 2020

Experts Insight On Major US Twitter Accounts Hacked in Bitcoin Scam

Touching such high profile Twitter accounts should be tied to an approval process.

Providing great customer support for high profile customers means IT administrators need privileged access to their accounts - to help reset passwords and to help clear up after an account takeover. However, with this great power comes great responsibility - and it takes only one bad admin to create global chaos by abusing their privileged access. Touching such high profile Twitter accounts should be tied to an approval process, where a single person can not act alone, without a detailed explanation and an approval by a superior. A modern record-and-review monitoring system would have also stopped the lone actor in their tracks by flagging the highly unusual activity and helping to retrace and undo their steps. Read Less

October 22, 2019

COMMENT: Equifax Used Default ‘Admin’ User Name And Password To Secure Hacked Portal

Organisations should not treat database security any differently from other security.

This simply reinforces the notion that good Privileged Access Management practices are the best defense against bad actors. Had the Equifax breach been the result of an extremely smart and motivated hacker doing something amazing to get the data, that would have been one thing. But since it’s the case of the target ignoring the bare-minimum of best practices and paying a significant price for the oversight, what happened is alarming. In the case of Equifax, simply doing what’s right (which would have taken about 1 minute to implement) would have saved the company from a world of trouble. Organisations should not treat database security any differently from other security. For instance, they should avoid sharing the admin password. In circumstances when the admin password is issued, they need to make sure they know who it was issued to, for what purpose, and that this has been documented. When employees have admin access, their actions need to be monitored. Finally, organisations must implement analytics to determine if and when someone may have gained admin access without their knowledge or permission. To maintain these protocols, organisations should implement a comprehensive and well-designed PAM program and ensure that it includes databases and DBAs along with all other privileged users and admin accounts across all systems. Read Less

October 03, 2019

‘Shocking In Its Sophistication’: How Hackers Targeted ANU Student Data – Experts Comments

This is particularly in the case of higher education institution which are at risk as a result of maintaining old computers.

In 2018 it took just 16 minutes for the first click to occur on a phishing email. As such, it is worrying that in 2019, that timeframe has not lengthened at all. Whilst advanced privileged access management systems and two factor authentication may be used correctly by organisations, newly developed infected emails can still pass the defence line and enter a network. With this in mind, it is important that identity and access management systems and processes are current, with the fast moving nature of these hacks, it is vital organisations keep up. This is particularly in the case of higher education institution which are at risk as a result of maintaining old computers and old systems that house significant amounts of valuable personal data which can be sold on the black market. Read Less

September 16, 2019

Experts Comments: Personal Records Of Most Of Ecuador’s Population Leaked

Server misconfigurations are on the news every week, and in some cases lead to massive data leaks.

This case further illustrates how organisations of all kinds are still getting security wrong because generally, security is a hassle to their business. No one likes entering user IDs and passwords and even fewer like entering the second factor of authentication that should be used by all organisations. Server misconfigurations are on the news every week, and in some cases lead to massive data leaks, such as the one suffered by the Ecuadorian civil registry. However, there are options to make the first and second factor of authentication less obtrusive so that users are more prone to do the right thing. Practices such as adapting the requirement based on risk, delegating permissions to prevent sharing of superuser credentials, and implementing multifactor authentication in a manner that is user friendly (such as via an app on the user’s phone) all improve security and minimise disruption. Read Less

August 29, 2019

Check Point Software Patches Privilege Escalation Vulnerability

Long term, you can combine your PSM with Privileged Account Analytics which detect anomalies in the privileged users' behaviour.

Advanced Privileged Access Management solutions can help safeguard an organisation’s IT environment by protecting and securing backend resources which are accessed by administrators, whose credentials can be used to escalate privileges. Of course, patching this vulnerability is key to mitigating the problem. In addition, by using Privileged Session Management (PSM) to strategically limit command or application execution to only those necessary for given tasks or more tactically block critical commands and channels on the fly, organisations can minimise their risks of attackers gaining access. Long term, you can combine your PSM with Privileged Account Analytics which detect anomalies in the privileged users' behaviour. This helps to not only provide a baseline for what constitutes ‘normal’ activity, but also allows for visibility and action against unexpected deviations from the baseline. Read Less