Cloud Security , Identity & Access Management , Privileged Access Management

Identity Is the New Battleground in Cloud-Era Cyberattacks

BeyondTrust Field CTO Warns of Credential Compromise, Shifting Attack Tactics
James Maude, field chief technology officer, BeyondTrust

The cybersecurity landscape is undergoing a seismic shift as organizations migrate to cloud environments and identity compromise emerges as the primary threat vector. The move to cloud has rendered traditional network and endpoint security measures increasingly ineffective against modern attack strategies, said James Maude, field chief technology officer at BeyondTrust.

See Also: Webinar | Identity Crisis: How to Combat Session Hijacking and Credential Theft with MDR

"Attackers don't need to hack in. They don't need to have a zero-day to get through the firewall," he said. "All they need to do is access someone's credentials." This stark reality underscores the urgent need for organizations to reassess their security posture.

Migrating to cloud services presents unique challenges, exposing vulnerabilities in user privilege management and access controls across various platforms. "We used to think of it in a very binary manner of 'I'm a local admin, I'm a domain admin or I'm a standard user' … but now through single sign-on and other connections, they might have privileges in Azure, AWS or some other cloud system," Maude said.

In this video interview with Information Security Media Group at Cybersecurity Summit: London, Maude also discussed:

  • Lessons learned from real-life examples of adversaries using identity as an attack mechanism;
  • The importance of adopting "graph thinking" to understand attacker pivot points and reduce the impact of identity compromise;
  • How organizations can implement holistic security with cross-team collaboration and comprehensive visibility tools.

Maude is responsible for driving technical strategy, engaging with clients and leading initiatives in identity security at BeyondTrust. With nearly 20 years of leadership experience, he has worked in major companies such as Deloitte, Avecto and Netacea.


About the Author

Tony Morbin

Tony Morbin

Executive News Editor, EU

Morbin is a veteran cybersecurity and tech journalist, editor, publisher and presenter working exclusively in cybersecurity for the past decade – at ISMG, SC Magazine and IT Sec Guru. He previously covered computing, finance, risk, electronic payments, telecoms, broadband and computing, including at the Financial Times. Morbin spent seven years as an editor in the Middle East and worked on ventures covering Hong Kong and Ukraine.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.