12-19-19 - Danger, Will Robinson, Danger

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Defense in Depth: Account Takeover

On this episode of Defense in Depth:

Co-host Allan Alford and our sponsored guest, Mike Wilson, CTO and co-founder of Enzoic, discussed:

  • Account takeover (ATO) has a life cycle with six steps. The first step is reconnaissance, and you need to focus on that step to stop the life cycle.

  • There's plenty of talk about sharing OSINT (open source intelligence), but the reality is, and always has been, that there are more consumers than contributors. Like any open source endeavor, it can only get better if more people contribute.

  • Account takeover has its root in stolen credentials, and as we know from sites like "Have I been pwned?" there are billions of stolen credentials floating around out there that are consistently being used in credential stuffing attacks.

  • What is your credential situation? How unique are they? Can they be learned?

  • Start threat modeling your existing systems to determine what type of investment you'll need to make in defending against account takeover.

  • You can greatly reduce the risk of ATO by implementing multi-factor authentication (MFA) and privileged access management (PAM).

  • The bad guys are playing the same game we are, and we essentially need to have better reconnaissance than they do. The problem is that they're sharing information freely and we're not.

Special thanks to this week's Defense in Depth podcast sponsor, Enzoic.

Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed username and password combinations to identify accounts at risk and mitigate unauthorized access.
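The compromised-credential screening discussed in the episode and described above works by comparing a password against a corpus of leaked credentials without revealing the password itself. The following is an added illustration, not Enzoic's or "Have I been pwned?"'s own code: it hashes the candidate with SHA-1, sends only the first five hex characters of the hash (the k-anonymity range query used by HIBP's Pwned Passwords), and matches the remaining suffix locally. The leaked-password corpus is a constructed sample.

```python
import hashlib

# Constructed sample standing in for a breach-data feed of leaked passwords.
LEAKED_PASSWORDS = ["password", "123456", "letmein", "qwerty"]


def sha1_hex(text: str) -> str:
    """Uppercase hex SHA-1, the digest form used by Pwned Passwords."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


def build_prefix_index(passwords):
    """Bucket leaked-password hashes by their 5-char prefix; each bucket holds
    only the 35-char suffixes, which is all a range query ever returns."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


BREACH_INDEX = build_prefix_index(LEAKED_PASSWORDS)


def range_query(prefix: str):
    """Server side of the k-anonymity lookup: given a 5-char prefix, return
    every suffix in that bucket. The server never learns which one the
    client cares about, or whether any matched."""
    return BREACH_INDEX.get(prefix.upper(), set())


def is_password_compromised(candidate: str) -> bool:
    """Client side: hash locally, transmit only the prefix, compare the
    suffix locally, so the full hash never leaves the client."""
    digest = sha1_hex(candidate)
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_query(prefix)


def screen_accounts(accounts):
    """Screen (username, password) pairs at registration or login time and
    return the usernames whose password appears in the breach corpus."""
    return [user for user, pw in accounts if is_password_compromised(pw)]
```

In production the breach corpus lives behind the range-query endpoint, and a positive match should trigger a forced reset or step-up authentication rather than a silent block.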

Allan Alford on why security is a core responsibility even if it's not in your job title.

THANK YOU for a great 2019

If it wasn't already evident, we had a fantastic year thanks to you listening, contributing, and telling all your friends about the podcasts and the CISO Series. Thank you. We've got lots more planned for 2020. If you're interested in sponsoring or just contributing, please contact me. Thank you again. If we can keep everyone entertained, informed, and driving towards success, I think we'll have another successful 2020. This is our last newsletter of 2019. We'll be starting up again after the first week of 2020.

Mike Johnson questions when MFA should be a requirement
