Reddit Hack Shows Limits of MFA, Strengths of Security Training
The latest hack of a well-known company highlights that attackers are increasingly finding ways around multifactor authentication (MFA) schemes — so employees continue to be an important last line of defense. On Jan. 9, Reddit notified its users that a threat actor had successfully convinced an employee to click on a link in an email…
Moving your Microsoft environment to zero trust
Zero trust is a concept that’s easy to grasp but incredibly difficult to implement. It touches almost every system, component, application, and resource within an enterprise, and requires a strategic framework and specific tools and technologies to achieve best practice results. As organizations move Microsoft environments towards zero trust, it’s vital to ensure that all…
What are the benefits of passwordless authentication?
In this video for Help Net Security, Christofer Hoff, Chief Secure Technology Officer at LastPass, talks about the benefits of passwordless authentication. The basic components needed to make passwordless authentication a reality are: An open, standard set of processes, technologies, APIs, etc., to enable all the various components to work together across devices, operating systems,…
Why SOC 2 Compliance Is a Matter of (Zero) Trust
SaaS solutions are now so entwined in business users’ daily routines that they seem to meld into one experience — or simply put, “the way I work.” Yet the reality is there are many disparate cloud applications in play across a typical enterprise — 364 on average – which means a lot of complexity and…
What We Can Learn From Lapsus$ Techniques
The Lapsus$ cybercriminal collective has been making headlines in recent weeks. After several high-profile attacks, the security community is turning its gaze toward this new threat actor and its techniques. The Okta incident also reveals some details of their techniques. Microsoft has now published an in-depth blog post detailing the activities it has observed associated…
The Case for Building Identity Security into Enterprise UX Design
People expect nothing short of exceptional from their personal tech experiences. Yet these lofty, consumer-driven standards haven’t really applied to work-issued technology until recently. Now with ample work-from-anywhere time under their belts, workers are demanding more of the enterprise applications they use to do their jobs. And if user-centric Identity and Access Management (IAM) protections…
When Multifactor Authentication Is Compromised: Fighting Back With AI
Multifactor authentication (MFA) became mainstream in 2021. Google began pushing to make MFA its default for all users. The Biden administration even required all federal agencies and contractors to implement MFA in its Executive Order on Improving the Nation’s Cybersecurity. MFA adds in extra layers of verifying a user’s identity so that attackers cannot compromise…
A closer look at fileless malware, beyond the network
Cybersecurity is an arms race, with defensive tools and training pushing threat actors to adopt even more sophisticated and evasive intrusion techniques as they attempt to gain a foothold in victim networks. Most modern endpoint protection (EPP) services are capable of easily identifying traditional malware payloads as they are downloaded and saved on the endpoint,…
Consumer behaviors and cyber risks of holiday shopping in 2020
While consumers are aware of increased risks and scams via the internet, they still plan to do more shopping online – and earlier – this holiday season, McAfee reveals. Thirty-six percent of Americans note they are hitting the digital links to give gifts and cheer this year, despite 60% feeling that cyber scams become more…
Biometric device revenues to drop 22%, expected to rebound in 2021
In the aftermath of the COVID-19 pandemic, global biometric device revenues are expected to drop 22%, ($1.8 billion) to $6.6 billion, according to a report from ABI Research. The entire biometrics market, however, will regain momentum in 2021 and is expected to reach approximately $40 billion in total revenues by 2025. Global biometric device revenues…
