If you want to secure a computer, lock it in a safe and throw the safe in the ocean. If you want a computer system people actually use, there must be a way for them to access the system. This presents a security risk. While cybersecurity is good at making sure only the right people get into the system, hackers have figured out how to disguise themselves as legit users, according to Brad Hibbert (pictured), chief technical officer at BeyondTrust Inc., a global cybersecurity company.

“Hackers are going after the credentials, they’re going after the privileges, because that gives them more access to the corporate data,” Hibbert said.

Hibbert spoke with Jeff Frick (@JeffFrick), host of theCUBE, SiliconANGLE’s mobile livestreaming studio, during the recent Chertoff Group Security Series event in Palo Alto, California. They discussed matters of computer security, company culture and how BeyondTrust helps its clients guard against cyberthreats. (* Disclosure below.)

Keeping the keys to the cyberkingdom

BeyondTrust is focused on helping companies manage their cybersecurity risks, especially those from the internal environment. That means securing systems from inside the company, not just at the walls, Hibbert explained. This is important because hackers now go after the users to steal their access rather than attacking the system directly.

Users represent an easy target for hackers. Likewise, most security is at the gates, so a compromised user can pass under the radar while the bad guys use that access to do all sorts of nasty things, Hibbert stated. Access is tricky because people talk to their computers in so many ways. Phones, cameras, sensors, workstations and more all need securing. There’s no good way to manage this security patchwork. Beyond that, cybersecurity must also watch how people use their access once logged in to find the inevitable bad actors; it’s more than just passwords, Hibbert added.

Security is also cultural. A company must patch their programs. Admins need to secure new devices before hooking them into the system. Information technology has to manage access levels through the business. One machine, left unsecured, could compromise the whole network, according to Hibbert.

“It’s a big problem, and in a lot of organizations it’s a missing security layer,” Hibbert concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of The Chertoff Group Security Series “Security in the Boardroom.” (* Disclosure: TheCUBE is a paid media partner for The Chertoff Group Security Series “Security in the Boardroom.” Neither The Chertoff Group LLC nor BeyondTrust Inc. have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE