Threat Actors Using Social Engineering, Other Technical Techniques to Circumvent MFA Protections.
Acceptto’s CEO, Shahrokh Shahidzadeh shares his thoughts on how MFA is not enough to stop cybercriminals from attacks.
“One issue with multi-factor authentication is that many users share personal data across social media platforms, giving cybercriminals an opening to figure out how to break knowledge-based authentication, says Shahrokh Shahidzadeh, the CEO of security vendor Acceptto.
The way around this is to continually ask for updates and verification during a session to ensure that the user is authentic, Shahidzadeh says. While inconvenient, it’s a way to ensure proper identity, he says.
“Companies and end users that are relying solely on binary authentication tactics, such as two-factor authentication or MFA, need to understand that these solutions are static and stored somewhere, waiting to be compromised time and time again,” Shahidzadeh tells Information Security Media Group. “The best way to avoid a syndicated cyberattack or breach is to assume all credentials, even those yet to be created, have been compromised.”