Security Expert Defines Privileged Threat In CSHub Webinar

Cyber Security Hub Event Covers Threat Landscape



Dan Gunderman
09/14/2018

On Sept. 12, the Cyber Security Hub led a webinar alongside Thycotic on the importance of privileged access management principles, as well as the rationale of today’s threat actors.

A measurable success, the webinar drew a record number of registrants, all of whom appeared eager to learn about the morphing threat landscape.

Thycotic’s Chief Security Scientist, Joseph Carson, spoke about the parameters of today’s security operations. While the conversation ultimately moved to the inherent vulnerability of a privileged account, Carson also touched upon the criminal underground, best practices at the CISO level and ways in which a solution can essentially “mediate” the privileged access concern.

Cyber Security Hub Editor, Dan Gunderman, hosted the event and moderated a question and answer (Q&A) session with Carson that also included user-submitted questions.

Carson’s ultimate focus was on the innate vulnerability embedded in admin accounts: once such an account has been cracked, whoever holds its privileges can, with little gatekeeping, swiftly move laterally across the enterprise.

Carson also commented on the methods and motives of the cyber-criminals behind these illicit acts. He mentioned that these actors sometimes scope out networks well in advance, and even linger in and around the network before pouncing.


What’s more, the Thycotic security expert described today’s threat landscape as a complex but chartable territory, so long as enterprises have the right tools in place, as well as people and processes.

The conversation soon shifted to the aforementioned privileged accounts; Carson took time to thoroughly describe the function and embedded security around them. Of course, numerous researchers have verified that take, describing the access as, perhaps, the most damaging threat vector.


After helping attendees understand how these cyber-criminals target their victims, Carson discussed the force-multiplying capabilities of a PAM solution. Built on the principles of “least privilege” and “zero trust,” such solutions enable secure activity and access to accounts only when needed, and only by appropriate parties.

Throughout the Sept. 12 webinar, Carson also emphasized intervention from upper management, meaning cyber awareness across all facets of the business – upward and outward. Carson called for direct involvement of other members of the C-Suite and the board of directors.

Altogether, the webinar speaker seemed optimistic about security capabilities, but warned attendees to take heed of various bits of industry advice – because one slip-up could mean the exposure of millions of accounts or protected health information (PHI), or even a General Data Protection Regulation (GDPR) fine amounting to millions (where applicable).

In the 40-minute session, the security expert specifically broached the following topics: escalated hacker sophistication, defining "keys to the kingdom," maintaining illicit access, best practices to shore up defense, traditional firewalls and antivirus solutions, awareness in the enterprise, PAM solutions, wider access controls and ways to enhance overall security posture.

Carson also took questions from the audience on vulnerabilities in the space sector, as well as benchmarking across industries.

(For all those who attended and registered for the event, Thycotic provided a free, in-depth e-book on privileged accounts.)

Eager to see what you may’ve missed in this comprehensive session? As an invaluable voice in the space, Carson provided actionable insight and intel on threat motives and vectors. So, be sure to revisit the Cyber Security Hub’s webinar, On Demand, by clicking here!
