Brett Winterford
Senior Director, Cybersecurity Strategy

Brett Winterford is the Senior Director of Cybersecurity Strategy at Okta. He advises policy makers, business leaders and fellow security professionals on evolving threats and opportunities to improve their security posture. Prior to Okta, Brett held a senior leadership role at Symantec, and helmed security management, research and education at Commonwealth Bank. He’s best known for his work as a security journalist. In 2020, he was the founding editor of the Srsly Risky Biz newsletter, a companion to the Risky Business podcast, providing the cybersecurity, policy, defense and intelligence communities with a weekly brief of the news that shapes cyber policy.

Prior to working as a security practitioner, Brett was the editor-in-chief of ITnews Australia and has contributed extensively to ZDNet, the Australian Financial Review and the Sydney Morning Herald.

Moussa Diallo, Tim Peel and Brett Winterford

Defending against Session Hijacking

Multi-factor Authentication (MFA) is very effective at limiting what an adversary can do with a stolen password. According to research commissioned by Google in 2019, MFA thwarted 99% of automated credential-based attacks and 93% of phishing campaigns. It remains one of the most essential and effective controls against account takeovers. In some circumstances (outlined below), MFA can be bypassed. Okta’s Cyber Threat Research team has observed the proliferation of malware designed to extract...

Brett Winterford

Protection, without perimeters

Given the premise that “identity is the new perimeter”, we’re often asked about the role network attributes should play in restricting access to applications, servers and data. Can we, and should we, for example, deny access requests originating in high-risk countries or countries involved in conflict? The reality is that network context still matters. We can take into account the identity of the network and location our users are authenticating from. If a customer determines that there are...

Brett Winterford

We (still) need to talk about RDP

Quarter by quarter, for three years now, abuse of Remote Desktop Protocol (RDP) has been the most common root cause of all ransomware events. It’s no surprise why RDP makes for an attractive target: RDP is the primary vehicle for remote access to Windows servers and is used for administrative functions. It’s the most commonly listed method of remote access sold by initial access brokers. According to some 2019 research [pdf] by Sophos, an open RDP port gets its first connection request...