Security News > 2020 > September > Takeaways From the Shopify Hack

According to the 2020 Insider Threat Report by Cybersecurity Insiders, the biggest enabler of insider attacks is the fact that in 61% of incidents the perpetrator had elevated access privileges to sensitive data and applications.

Traditional perimeter security will not protect against over privileged insiders that want to access critical data.

Businesses need to adjust their security strategies to match modern threats, moving away from sloppy password practices and unsecured privileged access, and instead shift their focus to enforcing administrative access controls based on a least privilege approach.

Establish least privilege: Assign privileged users just enough and just-in-time access to resources they require to do the job.

Implement access request and approval workflows: Govern privilege elevation with self-service access requests and multi-level approvals, to capture who approved access and the context associated with the request.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/1Tqi3cD6ihA/takeaways-shopify-hack