I could discuss a bunch of statistics about breaches, but since we hear about a new one every week it is almost becoming expected. We are being desensitized to the shock. And, while last year saw a new record number of breaches, they have been rising by about 40% a year for the past three years.1 2 3 While global security spend has also been rising during that period, it hasn’t decreased – or even made a dent – in the number of breaches. Obviously, what we’re investing in is not having the desired effect.
Password-only authentication is an open invitation to attackers and therefore many organizations have begun putting two-factor authentication (2FA) in front of key systems. But, attackers have many ways to get around 2FA.
Better breach protection starts with better identity trust. The more you know about those requesting access to your systems, the more you can trust or not trust who they are.
SecureAuth evaluates characteristics around device, location, IP address, account type, and behavior to ensure only known identities gain access. If a request looks risky, we can deny access or require a secure password reset before granting access. If you don’t look for clues, you will rarely find evidence.
The beauty of this approach to better access security is while it applies more scrutiny to every access request, it also removes authentication disruptions for users posing no threat. SecureAuth processed 617 million authentications last year, 90% did NOT have a 2FA disruption before gaining access.
In an upcoming webinar, I will dive into some of the most common ways attackers bypass 2FA, and provide multiple examples of each. We’ll also discuss ways you can protect your organization from these attackers even if they have stolen credentials and ways to get past 2FA defenses. This information will help arm you to build a business case so you can put more security controls around access points than just 2FA.