From a Microsoft Azure Active Directory perspective, there are two approaches to MFA:
1. A laser accurate approach specific to the application in the Azure blade using conditional access
2. A global approach managed through the “Multi-factor authentication” page via Office 365
Password complexity has been touted for some time to prevent identity theft. Especially in an Active Directory environment. Typical password complexity rules in Active Directory are:
Navigating today’s threat landscape and ensuring security in the public cloud is more important than ever. When it comes to AWS security best practices, businesses must start with an understanding of the AWS Shared Responsibility Model. Unfortunately, many companies don’t fully understand that shared model and who is responsible for what, despite the AWS clear statement:
Editor’s note: This article is an excerpt from the Essential Guide to IT Security Strategy.
Businesses in the digital age can no longer rely on disconnected security tools, alongside robust protocols and policies, to avoid increasing IT security threats. The development of a proactive and multidimensional strategy for securing data and your organization’s IT infrastructure is built on well-developed security policies, and overall strategy. However, the first step toward developing that security strategy is to conduct a thorough and in-depth threat assessment.
With the recent Spectre and Meltdown flaws sending a wave of disruption across IT and all business communities, the scope of the problem continues to unfold. Either one or both of the flaws are present in Intel chips from the last 15 years embedded in countless processors running PCs, servers, and phones.
According to the Verizon 2017 Data Breach Investigations Report, 51 percent of breaches included some form of malware. While malware in all of its forms is a pervasive threat, what most businesses should be focusing on is that there are numerous cyber threats that they need to guard against.
Cybersecurity has become a frequently used term in business these days.
Whether you hear it in the news or in a meeting, most people are aware that businesses everywhere, and every size, are being targeted by cyber criminals. Just recently companies such as Equifax, Netflix, Sonic, and Yahoo! found their names in the headlines as the latest victims. However, the smaller companies that are also victims hardly get a mention even though they account for 43 percent of all incidents, which cost them an average of $879,582 in damages.
The Microsoft Windows Security Blog recently made it clear that WannaCrypt ransomware was leaving systems vulnerable to infiltration because of poor patch management. Despite this often-repeated truth, far too many organizations are still leaving vulnerabilities that fall short of preventing malware.
Last week, the former CEO of Equifax testified in front of the house energy and commerce committee regarding the massive data breach that his company fell victim to earlier this year. This breach caused the exposure of approximately 143 million U.S. consumers personal and financial information.
In his testimony, Richard Smith explained that the breach was caused by the failure of a single individual to properly communicate and act on a patch to a critical vulnerability.
“Both the human deployment of the patch and the scanning deployment did not work,” Smith told Congress. “The protocol was followed.”
