Although external cybersecurity attacks and malware make for sensational headlines, the biggest security threat most organizations face comes from trusted insiders with privileged access to sensitive data. Cybersecurity Insider’s 2020 Insider Threat Report reveals that 68% of organizations report that insider attacks are becoming more frequent and that they feel vulnerable to them.
Remember your first day on the job? You might groan just thinking about it, or maybe you are filled with the optimistic nostalgia of all the great things you set out to accomplish. It’s all a matter of your current perspective. One of the greatest apprehensions about that first day is meeting all of your new colleagues. Someone probably gave you a tour of the office, introducing you to all the new faces, as you wondered how you will remember all the names.
The identification of every user making a request to a given system is vital to ensuring that action is only taken by, and information only returned to, those who need it. This happens in two steps: first, the requester is identified (authenticated), and then that identity is used to determine which parts of the application they are allowed to access.
Last year’s IDC’s Cloud Security Survey found that nearly 80 percent of companies polled have suffered at least one cloud data breach in the past 18 months.
This is a guest blog post from Shuo Yang in his blog series “Transitioning to Programming the Cloud”, as a part of our blog posts focusing on Identity, Security and Access. We talked about how AWS CIP, STS and IAM can serve as the foundation of application authorization in our last post, i.e., how the application gets the temporary credential representing a specific role (i.e.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week let’s go back to security basics with password hygiene—the simplest, and yet often overlooked step in account security. Passwords have been the bane of many internet users since the inception of the world wide web.
Users with privileged access to an organization’s systems and networks pose a special threat. External threat actors often target privileged accounts using phishing schemes and social engineering techniques, since gaining control over these credentials helps them move more freely inside the network. Moreover, people sometimes misuse their own privileged accounts; this type of cyberattack takes the longest to discover, according to the Verizon Data Breach Investigation Report.
