Director, Product Marketing John Walsh serves as director of product marketing at SSH Communications Security where he is focused on raising industry awareness of risk and compliance issues of unmanaged credentials. John has over 15 years of experience in the IT security industry, having held product management, product marketing, and software engineering positions at IBM and SSH Communications Security. He has led the launch of PrivX On-demand Access Manager product. Prior to joining the company, he worked at IBM where he obtained a patent, contributed to solutions guides, and designed a number of key software features for security products such as LDAP, Firewall, and Java Cryptography. John holds a BS in Computer Science from Binghamton University as well as an MS in Management Information Systems from Marist College.
No one really knows who my parents are or where I came from. Some say my father was a Nigerian con-artist, but in my mind he is prince who happens to enjoy spear phishing. Others say my parents were SSHPsychos from China. The version about where I came from which I like the least is the rumor about an office romance which really was the result of some accidental download when Bob from accounting was convinced he was downloading a spreadsheet attachment from HR. This story might make you WannaCry, but rest assured it is only the beginning. My name is Cyberattack and this story is not about where I came from. This is the story of where I am going.
I can now exfiltrate all of your source code, customer records, intellectual property, designs, bank records, and anything that makes you a business. I can bypass your Digital Loss Preventions (DLP) systems and firewalls by using the same encryption credentials I stole to impersonate anyone and encrypt all data as I move it out of your business. Now that I think about, this could kill a Fortune 500, but don’t blame me. Your negligence and procrastination have enabled me. I simply did what I was born to, what my parents taught me.
As I said before, it doesn’t matter where I came from or how I got in because once inside your business I was able to move from system to system and take whatever I wanted, turning what was once an issue on one machine into an enterprise wide crisis.
This short story can have a different ending and it is not all doom and gloom. You can take measures to help protect yourself. To learn more, visit the following pages about monitoring encrypted traffic and controlling credential access and credential sprawl in the cloud or on-premises