Intelligent CISO Issue 23 | Page 39

FEATURE

The most important security recommendation for everyone is to ensure that every password you use is unique and not shared with any other resource.

One key merit of this universal security recommendation is that it ensures that if your password is stolen, leaked, or inappropriately used, it can only be leveraged against the corresponding resource assigned (if MFA or 2FA is not present). If passwords are unique, a threat actor cannot use one compromised account and password to attack other resources. The attacker’s options and movement are significantly limited, though they could try to leverage advanced techniques to steal other credentials from the system they have compromised, such as by scraping passwords from memory. In that case, not only generating unique passwords, but also rotating passwords frequently will help mitigate the attack.

Another security best practice to be mindful of — a password alone should never be the only authentication mechanism for critical data, sensitive systems and potentially daily operations into those resources. Multi-factor authentication (MFA) or two-factor authentication (2FA) should be layered on top to ensure a unique password, per account, is actually being used by the correct identity when authentication is required.

Solutions for privileged password management across an organisation’s entire information and security infrastructure can help. Advanced tools provide automated management for sensitive accounts and passwords (including SSH key management), such as shared administrative accounts, application accounts, local administrative accounts and service accounts, across nearly all IP-enabled devices.

most businesses that need to share accounts (due to technology limitations) and automatically generate unique passwords, such as to keep up with employee changes or to meet regulatory compliance guidelines.

This helps ensure this top security recommendation can be implemented across any organisation to enforce strong enterprise password security.
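As an added illustration, not taken from the article or any vendor's product, here is the kind of audit a privileged password management tool automates: it flags secrets shared by more than one account (the reuse that lets one compromised credential reach other resources) and accounts whose secret is overdue for rotation. The account inventory, the audit key, the audit date and the 90-day rotation threshold are all constructed for the example; keyed fingerprints are used so the report never contains the passwords themselves.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import date

# Constructed sample inventory of the account types the article names.
# Each entry: (resource, account, secret, last_rotated). Secrets are fake.
INVENTORY = [
    ("web-01", "svc-backup", "Spring2023!", date(2023, 3, 1)),
    ("db-01", "svc-backup", "Spring2023!", date(2023, 3, 1)),
    ("db-01", "local-admin", "Spring2023!", date(2024, 1, 15)),
    ("app-gw", "app-deploy", "k9#Lm2$qP7vX", date(2024, 5, 2)),
    ("jump-01", "root", "tR4!wQ8z@Nn1", date(2022, 11, 9)),
]

# Constructed audit key: only the audit process holds it, so a leaked report
# of fingerprints cannot be turned back into passwords by offline guessing.
AUDIT_KEY = b"constructed-audit-key-not-for-production"
AUDIT_DATE = date(2024, 6, 1)  # constructed "today" for the rotation check


def fingerprint(secret: str) -> str:
    """Keyed fingerprint: equal secrets compare equal without being stored."""
    return hmac.new(AUDIT_KEY, secret.encode(), hashlib.sha256).hexdigest()


def find_reuse(inventory):
    """Return groups of (resource, account) pairs that share one secret."""
    groups = defaultdict(list)
    for resource, account, secret, _ in inventory:
        groups[fingerprint(secret)].append((resource, account))
    # A secret held by more than one account is a lateral-movement risk.
    return [sorted(g) for g in groups.values() if len(g) > 1]


def find_stale(inventory, today, max_age_days=90):
    """Return accounts whose secret was not rotated within max_age_days."""
    return sorted(
        (resource, account)
        for resource, account, _, rotated in inventory
        if (today - rotated).days > max_age_days
    )


if __name__ == "__main__":
    for group in find_reuse(INVENTORY):
        print("shared secret across:", group)
    for entry in find_stale(INVENTORY, AUDIT_DATE):
        print("rotation overdue:", entry)
```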