Zombie accounts, also known as abandoned accounts, are user accounts left with no verifiable owner. This happens most often when someone leaves your company and their access to a certain application is never terminated. In a perfect world, the person that leaves you would never try and get back into your system for any reason. However, our world is not perfect. Instead, we have rogue players who can create or hide these accounts in your system for nefarious reasons.
Before I start, I need to come clean and tell you that I love enterprise software. Weird? Maybe. However, after working in the industry for many years and for many different companies, enterprise software is the basis for what drives business. Whether it’s your CRM, ERP or cyber security – it all starts with enterprise software.
Internships are becoming more and more necessary in order for college students to land a job straight out of college. In fact, over 85% of college students complete internships every year. With numbers like these, it’s quite possible that you have a few interns in your office throughout the year. We had five this summer and they were amazing – and not just for getting coffee and making copies. They were integral parts of our business. As such, they had access to several different applications based on their area of focus within the business.
Did you know that one of the top nine attack types consistently covered in Verizon’s Data Breach Report are insider threats and privileged misuse? According to this year’s report, 66% of insiders steal information in hopes of selling it for cash, 17% are just unsanctioned snooping and 15% are taking it in order to take the information to a new employer.
What is the root cause of all of these problems? Access.
At the official start of summertime 2016 in Britain we are starting to consume the labour of last autumn, five gallons of alcoholic homemade cider (yum!) made from eight apple varieties grown in mine and my neighbors’ gardens. I’m very VERY careful sterilizing glassware, containers, and buckets: there was this unfortunate incident three years ago (no, you don’t want to hear the horrible details), enough to say I watch each step like a hawk to ensure a batch does not become tainted.
I was at the Red Hat Summit in Boston at the end of June. We had a lot of activity at our exhibitor stand, and a lot of discussions being passed on to me by our sales team
I continued to have the same conversation again and again over the three days. This seems to be the year people have finished bedding down Puppet in their server/VM infrastructure, and are looking for ways to fill gaps where Puppet isn’t so useful. Like problems with OS security.
It’s that time of year where retail booms as the world goes shopping for gifts during the holiday season. It’s a time for retailers to shine. But, it’s also the time where retailers are most vulnerable to security risks as bad actors gear up to target them. In this two part series, we will discuss things retailers should consider this holiday season to better secure themselves from attacks and to ensure continuous compliance to industry regulations.
According to the Verizon Data Breach Report over 80% of breaches were due to stolen or misused credentials. This shows us that our access credentials are more valuable than ever which means that being able to locate our high risk access accounts has become more important than ever. Do you know who has the administrative privileges to your key applications, networks, servers, or even email programs? When you are working in a small company with only a handful of employees this information can be easily tracked.
Guest Post- Alex Naveira, Director, ITGA & CISO on Compliance