
""If individual members of an organisation can access large volumes of sensitive data unilaterally, this creates a structural weakness where a single set of compromised credentials can lead to widespread data exposure. Any policy that allows broad access to sensitive systems via a single identity, without additional safeguards, introduces significant risk." "Traditionally, access scope often increased with seniority, an approach that is now widely recognised as problematic in modern threat environments," Jepson said via email."
""Modern security practice recognises that access should be determined strictly by operational need rather than hierarchy. Senior figures are frequently primary targets for threat actors, which makes excessive privilege particularly dangerous," he added."
Investigators discovered unauthorized access to the national bank account registry FICOBA in late January. A threat actor used stolen credentials belonging to an official to access the database storing information on all bank accounts opened in France. The breach exposed 1.2 million accounts, including IBANs, account holder names, addresses, and in some instances tax identifiers. Access has been terminated and impacted individuals are being notified. The attacker could not perform banking operations or view balances. Officials warned of potential scams and phishing attempts. Security experts emphasized risks of excessive privilege and the need for strict access controls.
Read at SecurityWeek