2023-06-24 08:00:48
Indeed, cybercriminals are on the lookout for the slightest flaw, and bad habits or risky practices expose organizations to significant risks of data leakage. This is why it is essential to reinforce your cyber-hygiene and not to treat cyber-risk as inevitable. Effective means exist to fight against these attacks and limit their consequences.
Risks posed by employees authorized to use their own devices
Account compromises are still one of today’s most serious security issues. Yet some companies aren’t doing enough to protect their employees’ data, or to teach them how to defend against cyber risks as the threat evolves. For example, our research revealed that 54% of employees do not take regular cybersecurity training. Additionally, nearly 57% of respondents admitted to using a device provided by their employer for personal use in the past 12 months. Many professionals even report having already broken or lost such a device, even though these devices are frequently used to authenticate to work accounts.
Additionally, the majority of employees log in using very basic authentication methods, which have proven ineffective against today’s most common credential theft tactics. Passwords, for example, remain vulnerable to methods such as phishing, brute force and man-in-the-middle (MITM) attacks. Thus, some organizations are now moving towards authentication that eliminates passwords altogether, relying on physical solutions such as security keys to prove one’s identity. These provide optimal protection against phishing, as the attacker would need to be in possession of the physical key to bypass multi-factor authentication (MFA).
Ensuring a phishing-resistant mode of authentication
In the age of hybrid or remote working, providing secure access to business applications, whether on personal or corporate devices, is paramount. To do this, the implementation of a strong authentication solution, two-factor (2FA) or multi-factor, is recommended. With such a solution in place, the user must complete two or more steps to verify their identity. This adds an additional obstacle for the cybercriminal and prevents them from accessing an account that might allow them to infiltrate critical systems. However, not all forms of authentication are created equal. The most used options, such as one-time passwords (OTP) sent by SMS and mobile authentication applications, are easier for cybercriminals to hijack, as they remain vulnerable to phishing, man-in-the-middle attacks and account takeovers. In addition, from the point of view of ease of use and experience, although entering a code may seem rather accessible, it can quickly become daunting given the number of logins and applications used each day. Finally, this method requires that the user’s device be charged and have signal at that particular moment, factors that vary and lie beyond the user’s control.
Organizations should implement more modern and robust forms of authentication – which also provide a better user experience – by considering a move to passwordless authentication and adopting strong two-factor and multi-factor authentication. For example, FIDO2 is an open authentication standard hosted by the FIDO Alliance, which offers extensive modern authentication options, including strong single-factor authentication (without a password), strong two-factor authentication and multi-factor authentication. FIDO2 reflects the latest set of digital authentication standards and is a key element in solving the problems associated with traditional authentication and eliminating the use of passwords altogether. It makes it easier for users to identify themselves via devices with built-in safeguards (fingerprint readers, smartphone cameras or hardware security keys, for example) to access their digital information. These modern solutions have proven to be the most effective enterprise-wide cybersecurity options, both user-friendly and bridging the gap between internal and external user authentication.
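The phishing resistance the article attributes to FIDO2 comes from what the relying party verifies: the authenticator signs a fresh server challenge together with the origin the browser reports, so a sign-in performed on a lookalike site, or a captured assertion replayed later, fails verification. The following is an added, simplified model of that verification written for this page; it is not code from the article, the FIDO Alliance or any FIDO2 library. The `Authenticator` and `RelyingParty` classes, the origin `https://login.example.com`, the lookalike origin and the user name are all constructed for the example, and an HMAC over the client data stands in for the authenticator's private-key signature (a real FIDO2 relying party stores only the credential's public key and verifies an asymmetric signature).

```python
"""Simplified, hypothetical model of FIDO2/WebAuthn assertion verification,
showing why the relying party's origin and challenge checks defeat phishing and
replay.  HMAC is a stand-in for the authenticator's asymmetric signature."""
import hashlib
import hmac
import json
import secrets

RP_ORIGIN = "https://login.example.com"  # constructed sample origin


class Authenticator:
    """Models a security key holding one credential for the RP (hypothetical)."""

    def __init__(self):
        # Stand-in for the credential's private key; it never leaves the device.
        self._key = secrets.token_bytes(32)

    def credential_material(self) -> bytes:
        # In real FIDO2 the RP would receive the public key only.
        return self._key

    def sign_assertion(self, challenge: str, origin: str) -> dict:
        # The browser, not the user or the web page, supplies 'origin' with the
        # site that issued the request; the authenticator signs it together with
        # the RP's fresh challenge.
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": origin},
            sort_keys=True,
        )
        digest = hashlib.sha256(client_data.encode()).digest()
        signature = hmac.new(self._key, digest, hashlib.sha256).hexdigest()
        return {"client_data": client_data, "signature": signature}


class RelyingParty:
    """Models the login server's verification of a FIDO2 assertion."""

    def __init__(self, origin: str):
        self.origin = origin
        self.credentials = {}  # user -> credential material
        self.pending = {}      # user -> outstanding challenge

    def register(self, user: str, material: bytes) -> None:
        self.credentials[user] = material

    def begin_login(self, user: str) -> str:
        challenge = secrets.token_urlsafe(32)  # single-use and unpredictable
        self.pending[user] = challenge
        return challenge

    def finish_login(self, user: str, assertion: dict) -> bool:
        challenge = self.pending.pop(user, None)  # consumed even on failure
        material = self.credentials.get(user)
        if challenge is None or material is None:
            return False
        client = json.loads(assertion["client_data"])
        # Check 1: origin binding.  An assertion produced on a lookalike site
        # carries that site's origin and is rejected here.
        if client.get("type") != "webauthn.get" or client.get("origin") != self.origin:
            return False
        # Check 2: challenge freshness.  A captured assertion cannot be replayed.
        if not hmac.compare_digest(client.get("challenge", ""), challenge):
            return False
        # Check 3: the signature must cover exactly the client data received.
        digest = hashlib.sha256(assertion["client_data"].encode()).digest()
        expected = hmac.new(material, digest, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, assertion["signature"])


def run_scenarios() -> dict:
    """Returns the outcome of three logins using the same RP and security key."""
    rp = RelyingParty(RP_ORIGIN)
    key = Authenticator()
    rp.register("alice", key.credential_material())  # constructed user

    # Genuine login from the real site.
    challenge = rp.begin_login("alice")
    genuine = key.sign_assertion(challenge, RP_ORIGIN)
    results = {"genuine": rp.finish_login("alice", genuine)}

    # Same key and a fresh challenge, but the browser reports a lookalike
    # origin (constructed), so the signed client data fails the origin check.
    challenge = rp.begin_login("alice")
    lookalike = key.sign_assertion(challenge, "https://login.example-support.net")
    results["lookalike_origin"] = rp.finish_login("alice", lookalike)

    # The earlier genuine assertion presented again against a new challenge.
    rp.begin_login("alice")
    results["replayed"] = rp.finish_login("alice", genuine)
    return results


if __name__ == "__main__":
    print(run_scenarios())  # {'genuine': True, 'lookalike_origin': False, 'replayed': False}
```

The contrast with an SMS or app-generated OTP is that the code carries no origin and no server challenge, so the server has nothing to compare beyond the code itself; the three checks in `finish_login` are exactly what an OTP flow cannot perform.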
Importance of training and communication
Today, professionals are increasingly aware of the need to improve their cyber-hygiene and to be trained in good online practices. Indeed, users who are not aware of cybersecurity are unable to identify compromise attempts, or even to limit their impact at their own level. Therefore, it is essential that companies offer continuous and regularly updated training to all their staff to effectively combat the proliferation of cyberattacks. Also, when deploying new security techniques, they must emphasize the gains and advantages in ease of use of the chosen solutions, in order to guarantee their proper adoption.
Faced with increasingly sophisticated cyber threats, organizations must strengthen their defense systems. To achieve this, in-depth training of their staff, combined with the implementation of modern authentication solutions such as 2FA and MFA, is an essential step in an overall security strategy to effectively protect their resources and data.