
Blocking Unauthorized Access: Key Takeaways From Our Webinar

LastPass, October 16, 2024

We recently hosted a webinar led by LastPass experts Stephanie Schneider, Alex Cox, and Jerome Ferrara, who shared key insights on cyber hygiene practices and strategies to prevent unauthorized access.  

Read on to learn more about how you can apply these learnings to your own business.  

Unauthorized access: the starting point for data breaches 

Unauthorized access can start a chain reaction that leads to data theft, system disruption, and reputational damage.  

Weak passwords, credential reuse, brute force attacks, SaaS app exploitation, insider threats, phishing, and social engineering are what attackers use to breach security borders, explained Alex Cox, Director of Information Security at LastPass.

Jerome Ferrara, Principal Product Specialist at LastPass, underscored the need for robust measures, such as strong passwords, MFA, and employee awareness training to combat these issues. 

 

Case studies: Snowflake & Okta 

Stephanie Schneider, Cyber Threat Intelligence Analyst at LastPass, added a practical POV to the discussion, citing Snowflake and Okta. 

Using Snowflake as an example of a security crisis precipitated by the absence of multi-factor authentication (MFA), Schneider emphasized the need for robust password policies, regular password rotation, and dark web monitoring. 

The second case involved the Scattered Spider cybercrime group carrying out intricate social engineering attacks on high-profile companies like Okta and MGM Resorts. Schneider highlighted the evolving tactics of such groups and their recent focus on cloud environments, SaaS platforms, and high-level permissions to deploy ransomware.

 

How to empower secure user behavior 

As a key theme of the session, Schneider stressed day-to-day cyber hygiene, including regular password rotation and monitoring, vigilance against third-party threats, and an educated, cyber-aware workforce.

Schneider emphasized the importance of multi-factor authentication (MFA), a crucial layer of protection to deflect attacks. Along with MFA, she added that regular security audits help in the early detection of potential weaknesses. 

Another recommendation was continuous training and education for employees, to prevent them from falling for sophisticated phishing and social engineering tactics. Humans, Schneider stressed, are often considered the weakest link in cybersecurity.

 

LastPass: securing passwords, simplified 

Users can store complex passwords securely, effectively eliminating the need to remember multiple passwords when they use a password manager like LastPass. Admin features include policy setting, detailed reporting, and secure password sharing, simplifying the onboarding and offboarding process. 

Ferrara explained the versatility LastPass offers in setting up policies for offline access, adding users, and federated login. Exportable detailed reports, multi-factor authentication options, and user activity tracking are additional features of LastPass. 

Q&A session: addressing queries, mitigating concerns 

During the Q&A session, Schneider and Cox answered questions about the potential risks of hacking authenticator apps, biometrics, password sharing, and changing policies. They advised staying vigilant even with MFA and advocated for biometric authentication.

Finally, Ferrara cited the user-friendly nature of LastPass, which is capable of integration with browsers and mobile apps, giving users seamless access. 

With a surge in unauthorized access and breaches, safeguarding your data has never been more critical.  
