The Human Vulnerability Factor

Authentication Solutions
Damon Tepe
February 28, 2017


What does the biggest mistake in Oscar history have to do with security? The Human Vulnerability Factor

“To err is human” or “Everyone makes mistakes!” And it’s true! Regardless of whether Warren Beatty grabbed the wrong card for Best Picture or was given the wrong card by the Academy, some human made a mistake, it caused embarrassment, and a media circus followed. Similarly, your employees, partners, and customers are human and can make mistakes that lead to security breaches with significant monetary loss, embarrassment, brand erosion, and unwanted media attention.

How can user mistakes cause protection gaps for organizations?

Humans will:

  • Create/use weak passwords that are easy to guess by attackers
  • Reuse similar passwords across multiple logins, thereby making all uses of that password less secure
  • Store passwords in insecure places and be duped into sharing them with attackers
  • Click on phishing links that allow attackers to gain an initial foothold within private networks
  • Accept MFA prompts even when NOT authenticating, allowing attackers in the front door
  • Lose devices used for authentication, which in the wrong hands can cause vulnerabilities

Organizations have tried for years to educate humans on solid security practices, but humans make mistakes and no amount of ‘training’ can stop it. SecureAuth has accepted that humans are fallible and has developed authentication solutions that remove human vulnerabilities such that even if your human users make a mistake, it will not compromise organizational access defenses.

Stolen Credentials are on the rise

In a recent Wakefield Research survey of IT decision-makers, roughly 55% of organizational assets are protected by multi-factor authentication. This is a great first step, but it also means roughly 45% of assets are protected by username and password at best. With 63% of reported 2015 breaches involving stolen credentials, and this number on the rise over the past couple of years, attackers are often walking in the front door with compromised credentials. Whether those credentials are guessed (because of weak password strength), phished, or bought (hundreds of millions of users’ credentials are available today on the dark web), organizations need better security than single-factor authentication.

Multi-factor authentication is not the be-all and end-all answer

Knowledge Based Questions (KBAs) can easily be defeated by browsing most people’s social media (street you grew up on, mother’s maiden name, first car or pet). NIST, the National Institute of Standards and Technology, no longer recommends one-time passcodes via SMS/text because of vulnerabilities. Hard tokens have been compromised in the past, and the popular “Push-to-Accept” has been ‘Accepted’ when the user is NOT even authenticating, allowing attackers with stolen credentials into the network. Modern organizations need more than multi-factor.

SecureAuth Protects Against Human Fallibility

SecureAuth analyzes every access request, looking for abnormalities and risk, by answering questions like: Do we recognize the user’s device? Is the incoming IP address good, with no involvement in nefarious activities in the past? Is the request coming from a known good location, and not at an odd time? Is the access request coming from a phone number that has not recently been ported, and from a known and approved carrier network and phone type? And more. We call this Adaptive Authentication, and it provides many pre-authentication risk checks without users even knowing. Rather than disrupting the user with a multi-factor authentication step every time, Adaptive Authentication can require an MFA step only if risk is present, thereby providing a great user experience.

SecureAuth can even offer Passwordless Authentication. Moving away from knowledge-based factors, like passwords, toward factors that are much harder to extract improves security. Replacing vulnerable passwords with fingerprint biometrics, for example, drastically improves security beyond antiquated passwords. The addition of our multi-layered risk analysis (Adaptive Authentication) gives organizations the high identity confidence to remove passwords.

SecureAuth offers Symbol-to-Accept, a new multi-factor authentication method that requires users to think rather than robotically auto-hit “Accept” and give attackers unencumbered access.

Whether you are seeking multi-factor solutions to cover more resources today or seeking progressive protection regarding your identities that Network and End-Point security can’t help with, SecureAuth offers paths to the industry’s most advanced adaptive access control.
