If identity is the new perimeter, it is also the new battleground. Each new breach of credential data leads to a ripple effect of identity theft and fraud across enterprises, regardless of industry. A single leaked password from an obscure forum can result in the full compromise of enterprises today. Every week brings a new dump of passwords to add to the conveniently packaged and widely distributed combolists that feed wide-scale credential-based attacks.
We need to start thinking of data breaches, particularly those of identity-related data, as a systemic problem—not something that only impacts the breached organization.
This talk will detail not only how and why breached credentials affect every organization—including a look at some of the methods and tools used by attackers—but also introduce new best-practices and an open source tool for defending against these threats.
Robert Paul is the Director of Research & Development for NuID, an authentication and cyber security company. At NuID, Robert studies the identity landscape from a security perspective and looks to uncover real-world threats in authentication and other identity technologies. Robert is a seasoned white hat hacker and red-teamer, with experience on the security teams at Microsoft, Ericsson, and McAfee. Before NuID, he most recently held a position at Microsoft working on the cryptographic libraries for Azure. Robert is CISSP and OSCP certified.