In cybersecurity, organizations should trust no one, whether an insider or an outsider, with unverified access to sensitive IT assets. That’s not to say, of course, that no actor should ever be granted
privileged access to network resources, which would obviously be unworkable. Rather, it requires a security scheme that asks users to not only prove that they have login credentials
they are, but also to prove that they are who they say they are
and have the authorization
to access said resource before entry is granted.