Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture www.welivesecurity.com/en/busine…
What do M&S and Co-op Group have in common? Aside from being among the UK’s most recognizable high street retailers, they were both recently the victims of a major ransomware breach. They were also both targeted by vishing attacks that elicited corporate passwords, providing their extorters with a critical foothold in the network.
Why has identity become such a popular attack vector? Part of it stems from the way companies work today. There was a time when all corporate resources were safely located behind a network perimeter and security teams defended that perimeter with a “castle-and-moat” strategy. But today’s IT environment is way more distributed. A proliferation of cloud servers, on-premises desktops, home working laptops and mobile devices mean the certainties of old have evaporated.
Identity is effectively the new network perimeter, which makes credentials a highly sought-after commodity. According to Verizon, credential abuse was a factor in nearly a quarter (22%) of data breaches last year.
