Weak or reused passwords, ports that are open to the Internet, and bad patching are some of the most common problems that lead to data breaches This article explores benoit said oauth. . Benoit said that security teams should try to "stop incidents before they happen."
Benoit didn't just say what went wrong and what people usually do wrong; she also gave tips on how to do better. She told me, "Don't trust anything," whether it's people, processes, or vendors. As Benoit talked about her findings, "Dumb Ways to Die" (the name of the session) played in the background. Benoit says that the Cycle of Convenience Over Security is the best way to go.
People get mad when companies tell them they can't check their email on their personal devices.
If companies don't do anything to make it easier, users won't be able to make the right choice. To lower risks, it's important to have clear policies for protecting identity. Benoit said that OAuth consent is a "giant, gaping hole in security" because it's hard to keep an eye on or stop people from getting to that data.
She said that the answer is to find email security solutions that stop phishing emails to make things easier for people. She also said that two-factor authentication should be used to protect sensitive data like financial information. By default, Microsoft blocked Post Office Protocol and Internet Message Access Protocol for all Exchange Online tenants who used basic authentication. One way to deal with some of these problems is to get to know developers better.
"Literally one of the best things" organizations can do for their security program is to be friends with the development team. Building trust can take time, but once it does, everyone on the team is responsible for security, and developers are a big part of that. "Work with them, be nice to them, and they'll come to you."
Benoit said, "They'll tell on their friends." "They'll tell on themselves," she said. "That's a real problem," she said. "If you pass the blame, they won't work with you."
