The key takeaway is the 2FA is not the cure all. There is no question that 2FA helps in securing against many hacks – especially the mass credential dumps and usage of these stolen credentials. But for targets under APT attack, CIs, Health Care, Energy, Financials, security admins must assume that their front walls will be breached and take a zero trust approach to the rest of the infrastructure. A vigilant monitoring of identities, their roles, their permissions and their changes is required
…..Read More
The key takeaway is the 2FA is not the cure all. There is no question that 2FA helps in securing against many hacks – especially the mass credential dumps and usage of these stolen credentials. But for targets under APT attack, CIs, Health Care, Energy, Financials, security admins must assume that their front walls will be breached and take a zero trust approach to the rest of the infrastructure. A vigilant monitoring of identities, their roles, their permissions and their changes is required to ensure the Principle of Least Privilege (PR.AC-6).
Read Less