It’s likely that HIS credentials were revoked, but anyone in IT will tell you there many systems which are accessed by a shared direct username/password login, and yes while that should be changed when needed a much easier solution would be to lock those apps/sites behind a VPN which is much easier to revoke access to.
Exactly. Nothing with shared credentials should be directly accessible to someone off site to begin with. Either way things went down they have a security hole you could fly a blimp through. Either they aren’t revoking credentials properly or they have eternally facing systems using shared credentials.
It’s likely that HIS credentials were revoked, but anyone in IT will tell you there many systems which are accessed by a shared direct username/password login, and yes while that should be changed when needed a much easier solution would be to lock those apps/sites behind a VPN which is much easier to revoke access to.
Exactly. Nothing with shared credentials should be directly accessible to someone off site to begin with. Either way things went down they have a security hole you could fly a blimp through. Either they aren’t revoking credentials properly or they have eternally facing systems using shared credentials.