Cybercriminals and hackers are out for as many pieces of the security puzzle as they can get, but organizations can take steps to prevent them from getting the whole picture.
Lysa Myers, security researcher at ESET (San Diego, Calif.): If attackers get any one piece of the puzzle, they should not be able to figure out the whole picture. For example, if user credentials are stolen through phishing or a lost/stolen device, there should be another factor of authentication in place so the attackers are stopped from logging in. If an attacker does manage to log in, there should be network segregation and limited privilege, so they cannot pivot into more sensitive databases or areas within an organization.