Multifactor authentication should be the default, not an option, says U.S. Cybersecurity and Infrastructure Security Agency Director Jen Easterly. She told an industry conference that vendors should "forcefully nudge" users into MFA and offer a more complete feature set for users who want it.
Multifactor authentication was supposed to be the standard, but the sharp rise in highly successful MFA bypass attacks shows the industry needs to go further in verifying identities. Keynote speakers at Authenticate 2022 said the future of passwordless technology could answer this latest threat.
Year after year, cybersecurity researchers report that
compromised user credentials are the cause of more
than 80% of data breaches and ransomware losses.
Your organization needs an innovative and effective way to keep
hackers out of any network.
Download here to garner insights into a multi-factor...
The frequency of ransomware attacks as part of a data breach more than doubled last year putting every organization at increased risk. Current authentication methods are outdated and broken. However, as the attacks from threat actors have advanced, so must the technology of MFA.
MFA is no longer the sole province...
The latest ISMG Security Report examines whether banks should be held liable for the rapidly increasing Zelle fraud problem, explores the latest M&A activity among IAM vendors, and discusses the implications of the new legal framework for personal data transfers between the U.S. and Europe.
In Part 1 of a three part-video series, Andrew Abel, a cybersecurity and zero trust consultant and CyberEdBoard member, and Chase Cunningham, CSO at Ericom Software, share tips on how to create an identity strategy within the broader context of zero trust.
The latest edition of the ISMG Security Report discusses how adversaries have a new favorite tactic to circumvent MFA, why vendor Akamai is an appealing target for private equity, and what the industry can do differently to attract more females to leadership roles.
The January memorandum from President Biden’s Office of Management and Budget calls for adopting multifactor authentication that includes the verification of device-based security controls, continuous monitoring, and authentication and mandates a switch to phishing-resistant MFA by January 2023.
The world of work has changed. For businesses. For leaders. For employees. Remote jobs now make up more than 15% of the total opportunities in the U.S. and as we look to the future, one fact becomes clear: remote work is here to stay.
Companies have shifted their strategies to allow for long-term remote or hybrid...
In the latest weekly update, ISMG editors discuss the industrywide implications of a teenager hacking into Uber's internal systems, key trends in the new Gartner SD-WAN Magic Quadrant report, and how ethics and security culture are center stage due to recent CISO revelations at Uber and Twitter.
Uber is fingering adolescent extortion hacking group Lapsus$ for the disruption to its internal systems. A self-proclaimed 18-year-old last week spammed the company with vulgar messages and shared online screenshots of the company's cloud storage and code repositories. The FBI is investigating.
Password manager LastPass says the attackers behind the August security incident had access to its systems for four days. LastPass CEO Karim Toubba, sharing details about last month's breach, confirms that there is no evidence of any threat actor activity beyond the established timeline.
The latest edition of the ISMG Security Report discusses the appearance at a Senate hearing this week by the former head of security for Twitter; the top-performing web application and API protection vendors, according to Gartner's Magic Quadrant 2022; and threat trends to watch for in 2023.
Apple issued a patch for a zero-day vulnerability likely exploited in the wild that allows a malicious iPhone app to execute arbitrary code with kernel-level privileges, marking the second smartphone kernel code execution bug fixed by the company in as many months.
Security researchers revealed yet another method for stealing a Tesla although the brand is one of the least-stolen cars and among the most recovered once pilfered. The newest example comes from internet of things security company IOActive in an attack involving two people and customized gear.