Category Archives: Authentication
According to Verizon’s 2017 Data Breach Investigations Report (DBIR), “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” The National Institute of Standards and Technology (NIST) understands this. This is why, I believe, they are taking a tougher approach to identity risk than to other areas of network security. As proof I would point
In June 2017, the National Institute of Standards and Technology (NIST) released its updated Digital Identity Guidelines in Special Publication 800-63-3. The draft of this publication gained a lot of press in 2016 for highlighting the security risks of using SMS as a second factor for multi-factor authentication. While the final version has not had as much focus, the
Active Directory has long been a favorite target for attackers. As every penetration tester knows, the most reliable way to compromise a network is to gain a foothold in the Active Directory (AD) domain and escalate privileges from an ordinary account to a domain administrator. In the past few months, though, we have seen a shift towards more sophisticated Active Directory cyber attacks
Last week, while driving, an advertisement came on the radio for a home security system. I already have a home security system but the ad still caught my attention. As I listened I started to think about how much I pay each month to protect my physical possessions. Then I wondered why I am willing
LinkedIn Phishing – Are your employees safe?
It all started as a harmless exchange between like-minded adults. It was something I had experienced many times before, either at work or in the privacy of my own home. Normally I would not even have paid attention to it, but it was what happened next that scared
What Ryan Lochte Can Teach Us About Selling Cybersecurity Tools
Do cybersecurity vendors consider user experience? We need to start designing solutions based on both network protection AND network performance.
The DoD CIO Terry Halvorsen made a bold call for the replacement of the CAC within the next two years. If there is no more CAC how can the DoD maintain its PKI?
I recently returned from the AFCEA Defensive Cyber Operations Symposium where one of the main topics was Assured Identity, particularly as it pertains to Mobility. The DoD’s Public Key Infrastructure (PKI) is well established as is the use of two-factor authentication via a Common Access Card (CAC). However, with the proliferation of mobile devices, CAC