Remember that Yahoo breach last year, how it became the largest breach in history, impacted over 1 billion users and knocked $350 million off of the Verizon acquisition price? Turns out that EVERY account at Yahoo!, including email, Tumblr, Fantasy and Flickr, was impacted by the breach. That’s all 3 billion accounts vs. just the 1 billion that were announced last year. Oath, the new brand for Yahoo, AOL and some other properties at Verizon, issued a press release stating “The company recently obtained new intelligence and now believes…that all Yahoo user accounts were affected by the August 2013 theft.” This is…
The Equifax Disaster: Technical Controls — ICIT’s Synopsis of America’s In-Credible Insecurity
The following excerpts are from the Technical Controls section of Part-1 of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Sr. Fellow, Institute for Critical Infrastructure (ICIT). Technical Controls. Data Encryption: Data should be protected according to its value and the potential harm that would result if it were stolen. Encryption does not prevent adversaries or insiders from exfiltrating data; however, it does deter or prevent attackers from exploiting the stolen data unless they spend significant additional resources breaking the encryption or stealing the decryption keys. Data Loss Prevention: Data loss prevention is the employment of…
4 Tips to Stay Safe Online for National Cybersecurity Awareness Month
Help! I Love the Internet, But My Identity and Data Are Up For Grabs — Should I Just Unplug?! In honor of National Cybersecurity Awareness Month, we at Centrify are doing what we can to help you to be #CyberAware. The theme for the first week is around simple steps to online safety. Have you ever considered how to protect your privacy or identity while “online”? Have you noticed over the last few years how many times your data has been stolen or exposed by hackers? Have you observed that most of these breaches were from systems where you were…
Ushering in a Cybersecurity Renaissance with the World’s Top Experts
As CEO Tom Kemp mentioned in his recent blog post, Centrify has reengineered its annual user group event to more comprehensively tackle the many security issues facing organizations today. As the thought leader partner for CyberConnect 2017, ICIT has spent the last several months building a powerful curriculum which will empower business and technical leaders tasked with defending their organizations from digital threats. The result is a program that will inspire, educate, and ultimately help bring order to organizations developing strategies to survive in today’s cyber kinetic meta war. At ICIT, we believe we’ve entered a new paradigm where old…
The Equifax Data Breach Disaster: ICIT’s Synopsis of America’s In-Credible Insecurity
The following are some of the key points excerpted from Part One of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Senior Fellow, Institute for Critical Infrastructure. This polemic 32-page report is an essential read for security practitioners and executives with responsibility for data security and privacy, and a profound warning for CXOs and board executives in companies with responsibility for protecting Personally Identifiable Information (PII). The recommendations offered in this ICIT report can help consumers and organizations alike mitigate some of the emerging attack vectors and regain a semblance of control over their identity, sensitive information and…
Stay Secure With Day One Support for iOS 11 and macOS High Sierra
It’s that time of year again: time for all the latest and greatest from our friends in Cupertino. Last week, Apple released iOS 11 and this week Apple released the latest update for macOS, the 10.13 High Sierra release. We here at Centrify are excited for the new capabilities, the new look of iOS 11 and the significant performance improvements with macOS High Sierra, so we have made sure that our customers are able to move forward with day one support for both offerings. Our day one support is effective across the product line, including our Centrify Endpoint Services, Centrify…
How to Protect Against Insider Threats: 3 Tips from HBO’s Game of Thrones’ “LittleFinger”
“I did warn you not to trust me.” (Spoiler Alert: for those of you still binge watching Game of Thrones seasons 1-6) For Game of Thrones fans, Lord Baelish’s (otherwise known as Littlefinger) fate was only somewhat surprising, inevitable and a gratifying finale for the nefarious character. A master of manipulation, Littlefinger’s enterprising ways led him to acquire both wealth and key intelligence on his political rivals — a classic example of a malicious insider. As his relevance in the storyline grew over the seasons, his underhanded and power-grabbing methods gained momentum. So,…
A Lesson in Secure Password Management from the Equifax Data Breach
Last week, Krebs on Security published an article “Ayuda! (Help!) Equifax Has My Data!” which reported “that an online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: ‘admin/admin.’” Yes, you read that correctly. This is equivalent to making the password to your bank account “password.” However, that is not all. According to the article, once the researchers were inside the portal, they could view the names of more than 100 Argentinian Equifax employees, their employee ID and email address. And,…
Gartner Privileged Access Management Market Overview 2017
Gartner just published their 2017 Market Overview guide for PAM, and it is a great read! The drivers for PAM are similar to last year’s, with a new emphasis on the need for “a comprehensive cybersecurity defense strategy, specifically for critical infrastructure.” Here’s Gartner’s list of drivers, and we believe they are spot on in terms of what we are hearing from our customers and how we’ve delivered capabilities to help solve these issues: the risk of breaches and insider threats; the need to prevent, isolate and limit malware attacks that leverage privileged accounts; an increase of operational efficiency for…
How Do You Choose the Right IAM Solution? Here Are 4 Questions You Should Ask
Cloud-based services dominate today’s world, and over the past few years, delivering cloud-based IAM solutions has been no exception. The right solution can reduce risk, cut down costs and save time, but choosing the right IDaaS vendor requires careful consideration. Putting together some basic questions to ask while covering several key elements is a first step. So…where do we begin? Is It a True Hybrid Solution? Ask your prospective vendor if they truly provide a hybrid solution with control and access across on-premises and SaaS-based applications. Federation for SaaS apps is a great first step, but larger companies will…