3 Attacks from Non-Critical Applications
Software upgrade and network redesign costs have forced many administrators to make difficult choices about which end-devices and applications should be secured with Two-Factor Authentication (2FA). Too often we view cybersecurity through the lens of auditors. We wonder what are the requirements for PII protection under HIPAA or PCI DSS? This attitude causes many to ignore so-called non-critical devices and applications by leaving them with only username+password authentication. It is, however, important to recognize that it is often these non-critical devices and applications that offer the most potential for attacks and are the easiest to compromise. This paper describes 3 attacks from non-critical applications and the risks they present to the organization.