Nothing introduces more complexity to an organization than access control as with access comes privileges. Privileges are needed for many activities within an organization. Couple the need for privileges with the complexity organizational structures and the usual personnel churn and an already complex problem becomes nearly unmanageable. Attackers target credentials for this very reason.

Compromising an end-user with no privileges may seem trivial and unlikely to cause harm. However, as we discuss in this episode, if a privileged user logged in on that end-user’s machine, their privileged credentials are now comprised, allowing the attackers to exploit other parts of the organization’s network. While the problem can reach a place of being unmanageable, there are methods and solutions available to tackle this problem.

Links:

• Enterprise Access Model
• Credential Harvesting and Mitigations (PDF)
• Point of Entry: Why Hackers Target Stolen Credentials for Initial Access
• The Growing Threat from Infostealers

Mobile devices have become an extension of ourselves, seamlessly integrated into our daily lives like never before. But as we prioritize convenience—wanting our devices to “just work”—we often overlook security. This episode dives into the growing cybersecurity challenges that come with mobile adoption and what individuals and organizations can do to stay protected. We’ll go over:

• Why reliance on convenience creates security vulnerabilities (hint: it isn’t primarily vulnerabilities in the technical sense, more in the human sense)
• Key technical and compliance components driving mobile device security
• Technologies organizations can leverage to balance security and usability

Links:

• https://www.hypori.com/use-cases

Rolling out a new program always comes with challenges and CMMC has been no exception. Fortunately, we’ve moved into the implementation phase, with assessments now underway. This milestone not only helps organizations see the real value of the program but also gives us the chance to address lingering questions and clarify uncertainties that could only be resolved through full implementation.

With this progress, we’re encountering fresh challenges and questions we hadn’t anticipated — while still fielding many of the same inquiries we’ve heard from the beginning. The good news? Full implementation means we can now provide more concrete, experience-backed answers to both new and long-standing concerns.