Identity Management: What You Know. What You Have. Who You Are.
"We won't be able to rely on passwords in the future", Bill Gates predicted nearly 20 years ago.[i] His prediction has come true. Passwords are no longer enough to protect IT infrastructures. However, there are ways and means to drastically reduce the risk of data theft, account takeovers and other cyber threats. Currently, one of the most important and efficient protective measures is multi-factor user authentication (MFA), a system used by millions of companies, organizations and individuals worldwide.#Cloud Security #Firewall #Security Risk Assessment #Security Strategy Architecture #SIEM #Cyber Defense Center
There are countless users who have fallen victim to cybercriminals who have stolen their login data from the databases of large companies. In recent years, customers of Adobe, Ebay, Equifax, LinkedIn, Marriot International, Yahoo, and others have been affected[ii]. In each of these cases, millions of accounts were compromised. Annual global costs associated with data breaches and cybercrime reached nearly $1 trillion last year[iii] – this is a number with 12 zeros. 70 percent of hackers now penetrate enterprise systems through endpoints. These are private devices, company laptops or unsecured home connections and cloud-based applications. It is through these endpoints that malicious attacks on IT infrastructures become possible.
Securing access is becoming increasingly difficult
Secure access to data, applications, and other resources can become particularly problematic when someone wants to access internal IT infrastructures and data from the outside. For mobile companies and customers, this is often the case. As more and more processes and data are moved to the cloud and both work and commerce take place anywhere there is an internet connection, it becomes increasingly important but also more difficult to secure access. This is exactly what has made MFA popular in recent years. Furthermore, the home office boom, along with the tremendous advancement of cloud technologies, has fueled MFA implementation. In recent years, the MFA market has therefore grown rapidly[iv]. Multi-factor authentication can be used to confirm the identity of users to allow them digital access. Most widely used is two factor authentication (2FA).
A cracked password will not be enough
Worldwide, MFA was already used decades ago, among other things, to secure private Internet banking - with the use of so-called RSA tokens [v]. However, MFA only became a generally known term when big brands such as Facebook, Google, Apple, and eBay joined in. In addition to a username and password (something you know), a code is required that is generated via e-mail, SMS or token (something you have). Biometric factors, such as facial recognition or fingerprint can be implemented in addition (who you are). Thus, it will not be enough for an unauthorized user to gain access to a password, as long as he does not have access to the current security code, which is retrieved via email, phone or token.
The weakest link in the security chain?
MFA is not a magic bullet either; after all, the technology is used by people - and people make mistakes. Because different types of MFA are used on different systems, users have to cope with different methods of authentication, just as they have to cope with passwords. Furthermore, experts know that there are users who accept MFA requests even if they haven't tried to log in anywhere. Which again proves that humans are the weakest link in the security chain. Then there are technical attacks that make MFA vulnerable. SIM swapping[vi] for example: Cybercriminals use this inherently useful function offered by mobile phone providers to break into user accounts. To do so, they obtain a user's cell phone number. Twitter CEO Jack Dorsey recently lost control of his own Twitter account through SIM swapping. What exacerbates the problem is that criminals are often able to access other accounts of the affected users after an MFA break-in.
So MFA isn't perfect - but organizations that rely solely on passwords are at much greater risk. Furthermore, MFA can be made more efficient through accompanying measures, such as employee training.
The most popular MFA solution in the world
The most widely used MFA solution in the world is SecurID[vii]. This identity platform from RSA is used by 13,000 organizations around the world to manage 50 million identities and provide 30 million users with secure access to their systems. Security must be practical and easy to use or it won't resonate with users. SecurID therefore offers a variety of authentication options to meet the needs of diverse users, such as tokens, key fobs, apps and push notifications, biometric devices and wearables, and support for FIDO-based authenticators.
Multifactor authentication is critical today to reduce the risk of access-based attacks, but integration and implementation challenges can slow these efforts. SecurID and UMB can help you to successfully overcome this challenge. UMB is an RSA Secureworld titanium partner. Let us make your IT environment secure. Contact us.
UMB Cyber Security: Modular Protection for a Digital World.
[v] RSA SecurID Hardware Tokens
[vi] How to Protect Your Phone Against a SIM Swap Attack | WIRED