The multi-factor authentication system (MFA) has seen a significant growth and expansion in businesses worldwide. With the advent of increasingly sophisticated methods, the traditional modes of authentication like SMS and phone calls are being replaced. However, this advanced technology has not curtailed cyber attacks, which are currently at an all-time high.
The IT and computer networking giant, Cisco, has brought this to light in their Trusted Access Report 2024. The report was compiled by their cyber intelligence division, Talos, with the primary aim of understanding the current cybersecurity landscape. The report reveals a paradigm shift in cyber threats, emphasizing the importance of identity.
The study took into account records from Cisco’s Duo platform, which accounted for over 16 billion authentication attempts by businesses in 2023. This massive data set covered nearly 52 million different browsers on 58 million endpoints and 21 million unique terminals across North America, Latin America, Europe, the Middle East, and the Asia Pacific region.
Multi-factor authentication is a security system that necessitates at least two or more verification factors from a user. For example, a user might be required to provide their fingerprint along with a password to access a website or application or any other online services.
Cisco stresses that this system remains a critical first line of defense against identity-based attacks. This is because passwords alone have “well-documented weaknesses,” and can easily “be guessed, deciphered, impersonated, or stolen.” The situation becomes even more precarious when users reuse the same passwords across different services, as revealed by the study.
Despite the growing trend of MFA implementation, Cisco acknowledges that malicious actors are devising innovative ways to steal credentials, leading to an increase in cyber attacks. As they put it, “enabling a second factor does not make an account impenetrable.”
It is also important to note that stronger factors like Fast Identity Online (FIDO) security keys and WebAuthn-enabled biometrics are harder to exploit compared to weaker factors like text messages (SMS) or calls. The usage of the latter has dropped to a mere 5 percent in 2023, marking a 22% decrease from 2022.
One significant aspect of this authentication format is its compatibility with the increase in remote work. In the current scenario, employees can access corporate networks from different locations and devices. This does not limit them to their usual work terminals.
According to Cisco, this situation “requires the creation and management of additional temporary credentials,” thereby emphasizing the need for robust and flexible security measures. This is because the risk of cyber threats often increases in such circumstances.
The rise in cyber attacks is a growing concern, with 85 percent of companies believing that they are ill-prepared against modern cyberattack methods. This is according to the Cisco Secure Readiness Index study.
The study suggests that the average global company has 40 percent of their accounts with no or weak MFA, making them easy targets for breaches to gain access to the corporate environment.
Over the past year, Cisco has observed two types of attacks targeting these systems – Push Harassment and Push Fatigue. The former involves attackers sending multiple push notifications to a user, hoping that the user accidentally accepts a false login attempt. In contrast, the latter occurs when an attacker runs a script with the intention of constantly logging in with stolen credentials.
To combat these types of attacks, Cisco suggests the use of the Cisco Duo MFA system. The usage of this system has increased by 41 percent in 2023, with Japan, the Philippines, and Australia witnessing the most significant growth.
Cisco has also emphasized the importance of the identity and access management (IAM) system. This format establishes a user’s identity and their permissions.
Security breaches in the area of identity often occur, especially as companies expand and shift their operations to the cloud. These companies often need to introduce new IAM systems but fail to completely phase out the older ones. This leads to the co-existence of both systems. There are also companies that support multiple identification platforms, leading to the proliferation of failures of this type.
In the face of digital transformation, identity security can be compromised due to a lack of resources. These resources are typically allocated to IT functions instead of reinforcing the security sector.
As Cisco puts it, “without adequate threat detection, identity infrastructure offers ample opportunities for attackers to access critical systems.” Therefore, it is crucial for identity teams and the company’s Security Operations Center (SOC) to work together around an Identity Threat Detection & Response (ITDR) strategy to ensure everyone is on the same page.
AGAINST THE DISPERSION OF IDENTITIES
Organizations are currently grappling with what Cisco refers to as ‘identity dispersion’. This happens when users have multiple accounts and identities managed by various systems that are not synchronized. As a result, it presents a security risk and a constant operational challenge for many IT and security teams.
According to a report by Talos IR, on average, companies have 340,500 personal accounts from providers such as Gmail, Yahoo, Hotmail, or iCloud with access to company data. This can pose a significant threat if users do not implement strict security measures.
It is therefore imperative to strike a balance between a comprehensive understanding of the devices, operating systems, and browsers used by employees; and the implementation of updated software to prevent unpatched vulnerabilities. This is especially crucial since the percentage of failures due to the use of outdated devices rose by 75 percent in 2023.
In a hybrid work model, organizations must consider the use of virtual private networks (VPNs), strict firewall policies, data encryption, and other security measures to ensure the protection of their systems.
In conclusion, Cisco emphasizes that the dispersion of identity creates vulnerabilities. The shortage of skilled professionals in charge of ensuring the security of organizations makes protecting them from cyberattacks “even more challenging.”
Therefore, it is of utmost importance to identify poorly configured and unused company accounts to prevent potential attacks. It is equally critical to have detection and response capabilities for identity threats.