Mirai Lingers, Passwords Fail as IoT Devices Proliferate

A few weeks ago, the Wall Street Journal ran a story about a laundromat in Carbondale, Colorado that was infected with the Mirai internet virus. Unbeknownst to the business owner, an internet-connected video recorder had been infected and was scanning the web for places to spread itself. The only sign that something was amiss was the fact that the device was regularly acting up — disconnecting the remote viewing app and forcing the owner to reconnect it by restarting the digital video recorder. While the story didn’t reveal any new developments, it does serve as an important reminder that malware…

Addressing the Top Five App Risks in Business

It’s a time of conflict There’s a battle within businesses, and the battleground is your applications. Employees – in the name of productivity – are adopting new cloud and mobile applications every day.  IT – in the name of security – is trying keep private data secure against breaches. Both groups often think the other “doesn’t get it.”  Users complain about complex password policies, and security-related “hoops” they have to jump through.  IT complains about endless helpdesk calls for password resets, shadow IT introducing risk, and an inability to secure an ever-changing hybrid environment. But both groups have more common…

Single-factor Authentication (SFA) vs. Multi-factor Authentication (MFA)

This blog will discuss the what single-factor authentication (SFA), two-factor authentication (2FA) and multi-factor authentication (MFA) are, and why more than one factor of authentication is vital to security. What is Single-factor Authentication (SFA)? Single-factor authentication is the simplest form of authentication methods. With SFA, a person matches one credential to verify himself or herself online. The most popular example of this would be a password (credential) to a username. Most verification today uses this type of authentication method. What is Two-factor Authentication (2FA)? Two-factor authentication uses the same password/username combination, but with the addition of being asked to verify who a person is by using…

Why Organizations Need Adaptive Multi-factor Authentication (MFA)

We hear about high profile security breaches frequently. Most of these breaches exploit the system login credentials of end users to get into the company’s network. Leading organizations are recognizing this and are beginning to focus on better securing end user identities. Multi-factor authentication (MFA) is becoming a very popular method for doing this as MFA requires a user to provide more than just a password to access the network. These additional factors of authentication require the user to provide something that only the user knows, has and is. As a best practice, when implementing MFA, it should be setup across…

3 Ways to Ensure You Are Not the Next Company Breached

There is a superstition that bad things happen in “threes.” This month, we mourned the loss of three national icons — Astronaut, John Glenn, Actor, Alan Thicke and TNT Sideline Reporter, Craig Sager. Similarly, this week, I received an email from Yahoo! announcing they had been breached again — affecting over 1B users — including me. On Friday, I received another notification from Bleacher Report, informing me that their users had been compromised. Do you see where this is going?… STOP! Is this Superstition True? The short answer is No. Are superstitions true? Most rational people would agree that they…

Changing the Game: Simplified Authentication to IaaS

I am pleased to introduce the Identity Broker capability of the Centrify Privilege Service. Identity Broker for Linux enables a new paradigm in user authentication to Linux systems, which seamlessly integrates your choice of directory service, including Active Directory, LDAP directories or cloud directories such as Google G Suite Directory. This is a significant advancement in Centrify’s identity consolidation capabilities and delivers freedom of choice when deciding where to store your identities. For 12+ years, Centrify has focused on delivering some of the best possible integration of Linux servers into Active Directory. Our customers are successfully securing identity, authentication and privilege across…

EU GDPR, Mandatory Data Breach Notification and How Centrify Helps

Breach notification rules in the upcoming EU GDPR (General Data Protection Regulation) will mean data breaches are far more likely to become public, where today it is possible (although probably ill-advised) to try and sweep them under the carpet. The 2016 Verizon Data Breach Investigations Report stated “63% of confirmed data breaches involved weak, default or stolen passwords.” Centrify protects against the leading point of attack used in data breaches – compromised credentials – and can therefore reduce the risk of breaches taking place. EU GDPR Background The EU GDPR will apply from 25th May 2018, and although that seems like a long time from now, companies may find they…

Black Friday & Cyber Monday – Who’s Getting the Best Steal?

It’s the most wonderful time of the year! Well, almost! With Christmas just a matter of weeks away, millions of people worldwide have commenced their Christmas shopping and are preparing for the festive season. Whilst Christmas gives us the perfect excuse to splash out on gifts, there’s no doubt that we are all looking to bag ourselves some bargains, and Black Friday and Cyber Monday will certainly have you itching to whip out your credit card. The hype surrounding Black Friday and Cyber Monday shopping deals has certainly intensified over the years, and shoppers both in store and online are…

Did a Lack of Common Sense Cybersecurity Just Elect Trump?

There is little debate that this election will be described as a referendum on the status quo, with very strong anti-establishment and anti-elitist sentiment driving record numbers of unexpected voters to the polls. But that doesn’t tell the complete story. Yes, the Hillary campaign brought the current administration out in force in the final weeks, thus cementing her image as an entrenched Washington insider. But I can’t help but think that this status quo image began to be shaped and hardened as a direct result of the leaked insider communications exposed on WikiLieaks and as a result of the hacked…

Password Management: Amateurs Hack Systems, Professionals Hack People

To say it in the words of the security guru, Mr. Schneier,“Amateurs hack systems, professionals hack people.” Don’t believe that the typical hacker is the socially awkward 20-something-year-old young man who cannot make eye contact with someone at Starbucks —  like Elliot from Mr. Robot. The most successful hackers are truly gifted grifters who can “talk their way out of almost anything” — or better said, “talk their way into anything.” Kevin Mitnick is probably the most notorious hacker of recent years, who has mastered the art of exploiting human vulnerabilities to get into computer systems, including those of American…