LinkedIn | Wall Street Journal | By: Nick Elliott (WSJ Editor) & Rob Sloan | June 20, 2017:
Trust is normally considered a virtue in business but as the National Security Agency looks across the landscape of cybersecurity threats it sees trusted relationships as a major weakness for companies.
These are the relationships companies have with third parties such as law firms or suppliers, which can provide an opening for hackers. Indeed, as companies have strengthened their own cyber-defenses, these third parties have become a major target for cybercriminals.
“The more connections and trusted relationships you have, the more avenues there are into the network,” said Ryan Agee, technical director for cybersecurity operations at the NSA. Mr. Agee has more than 30 years of experience in the NSA.
Five years ago, hackers could exploit very simple trust relationships to move from one target to another. For example, hackers broke into Target Corp. in 2013 using credentials stolen from the heating, ventilation and cooling service provider.
“Now we’re seeing multi-hop, or exploitation of other non-traditional trust relationships,” said Neal Ziring, technical director for the NSA’s Information Assurance Directorate, which provides cryptographic support to defend national security systems.
To read full article – please click here.
