“We recommend that organizations apply the principle of least privilege to all accounts to ensure that only users who have a business need to access systems and data are granted permission. A technology recommendation is for companies to leverage a privilege account management system to rotate high value credentials, thereby limiting their usefulness.” Phil Burdette – Senior security researcher for Dell SecureWorks’ CTU
