Ciptor Safe News January 2023
Cyberattacks are on the rise!
The long-standing, oft-deferred security threat posed by password-based authentication is now front and center. Some of the most damaging cyberattacks in the past year were caused or enabled by weak password protection. For example, the Colonial Pipeline breach that shut down fuel supply operations to the eastern United States was traced to a single compromised password. This untenable risk, along with growing regulatory pressures such as the 2021 Executive Order on Cybersecurity’s Zero Trust mandate, is prompting more organizations to turn to passwordless options. There’s growing recognition that passwordless security approaches can provide significantly better protection and user experience as well as cost savings. To further clarify the state and direction of passwordless authentication, we conducted our second annual survey among IT and security professionals across the globe.
As organizations look for opportunities to do more with less, they’re no doubt considering how security teams can contribute. With that in mind, I’d like to share priorities for 2023 that will pay off in the long run:
- Traditional multi-factor authentication (MFA) methods are increasingly under attack. These include Remote Desktop Protocol (RDP) attacks, account takeover (ATO) fraud, phishing, man-in-the-middle (MitM) attacks, credential stuffing and push attacks.
- Remote work continues to be the main driver for passwordless authentication, especially against the backdrop of the significant increase in phishing attacks in recent years.
- Organizations face serious security gaps due to insecure authentication methods based on secret-sharing.
- Protect against identity compromise.
- Modernize identity security to do more with less.
- Protect access holistically by configuring identity and network access solutions to work together.
- Verify remote users in a cheaper, faster, more trustworthy way.
Credential attacks are on the rise
Given the vast troves of stolen passwords on the dark web, easily available automated attack tools, and people’s penchant for password reuse, it’s unsurprising that credential stuffing attacks and phishing continue to grow. Phishing remains at an all-time high, with 89% of respondents revealing that their organizations experienced at least one phishing attack, according to the HYPR 2022 State of Passwordless Security Report.