The aftermath of stolen and abused credentials

Premeditated damage control

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

🔒 Related Stories: Cybersecurity for Executives

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Attackers will steal credentials. As history shows us, it is not a matter of if, but when. I’ll talk about ways to help prevent that in the next blog post, but for now, I’d like to consider a different question in my next post on Cybersecurity for Executives: How much damage can an attacker inflict on your company using stolen credentials and what can you do about it?

The term Blast Radius refers to how far-reaching the effects are of some adverse event. Initially, it was used to refer to the impact a bomb would have on its surroundings, but the same concept applies to cybersecurity incidents and the specific vulnerabilities that cause them, including an open network port, CVE, or credential theft. I felt like this term was over-used at one of my employers. Consider the blast radius in the context of all aspects of your infrastructure and architecture, so your protection still allows work to get done and doesn’t cause some other architectural problem, but…