Secon Cyber hosted a webinar with our partner Thycotic, entitled “The Anatomy of a Privileged Account Hack”. Joseph Carson, chief security scientist at Thycotic, walked us through some interesting insights and offered some valuable advice. As a Certified Ethical Hacker, Joe knows what the bad guys are looking for and therefore how to make their job harder. Here’s a very quick rundown of some of the things covered:
Hackers target humans. It’s quicker and easier and usually more successful. They can then get access to more sensitive data unnoticed.
You can’t rely on perimeter controls. People are already on the inside or trusted by the perimeter.
Once in, they will “walk the corridors and kick the doors”. What tools do you have in place to spot this?
They will often follow your processes and use your tools – to gain insight into what you do and how you do it. This includes using WSUS and SCCM for their reconnaissance, so lock those tools down.
Be unpredictable – sometimes it’s good to vary what you do and how you do it. It keeps the hacker guessing.
Be unique – in terms of passwords and credentials. This includes SysAdmins, who often use the same passwords on different systems.
Over 3bn credentials are stolen EVERY year. Don’t let yours be one of them!
With high street banks, it’s often easier to get your money back than it is to get your identity back once it has been stolen!
What can you do? It’s all about trust. Look for and use:
If you missed attending the webinar, you can watch it here.