As companies have gone through a digital transformation, increased adoption of cloud and Internet of Things (IoT), a growing remote workforce, and a technology talent shortage have led to an exponential rise in organizations' attack surface. This expansion makes it harder for security teams to correlate externally...
PayPal is notifying 34,942 Americans that a hacker accessed their personal information during a two-day credential stuffing attack in early December. The San Jose, California-based company says it has not detected unauthorized transactions emanating from affected accounts.
Attackers have caught up with legacy multifactor authentication tools that use push technology or one-time passcodes, boosting the need for phishing-resistant MFA, says Jeremy Grant. In response, government officials such as CISA Director Jen Easterly have championed FIDO since it's mature and open.
Moving from certificate-based to FIDO authentication reduces overhead and complications for enterprises looking to move away from passwords, says Microsoft's Libby Brown. FIDO allows organizations to go passwordless by simply buying a FIDO key and turning it on in their Azure Active Directory.
Passwordless authentication will gain traction once it addresses edge cases such as logging into Netflix using a remote control, says Hypr CEO Bojan Simic. He shares how a QR code and a biometric identifier on a smartphone can transform the way someone accesses the Wi-Fi at a friend's house.
The FIDO2 standard has driven the adoption of multifactor authentication as well as the embrace of passkeys and conditional UI, says Superlunar's Nick Steele. FIDO2 will help users adopt passwordless flows while protecting websites with public key credentials in a way that hadn't been possible.
Passwords are a major security flaw, yet still remain a staple of most enterprises. KuppingerCole Analysts provide insight on going passwordless for your Zero Trust initiatives.
Read “A Passwordless Future Begins with Credential Management” for insight on:
Improving your organization's security posture...
Cybersecurity leaders must address high levels of complexity regarding authentication and identity security – in fact, 70% say they are overwhelmed by their authentication practices. A survey conducted by Censuswide explore why, as how to get ahead of the challenge.
Download “The 2022 Authentication Survey...
In this audiocast with Information Security Media Group, Joe Garber explains why a single authentication platform is the best way to gain a holistic view across information silos, enabling automation of key actions.
According to Accenture Security's Cyber Threat Intelligence team, information stealer malware - malicious software designed to steal information, including passwords - became one of the most discussed malware types on the cybercriminal underground in 2022.
Information Security Media Group asked some of the industry's leading cybersecurity experts about the trends to watch in 2023. Responses covered a variety of emerging threats and evolving trends affecting security technologies, leadership and regulation. Here is a look at the year ahead.
Data resilience stalwarts Commvault, Rubrik and Cohesity have pulled ahead of rivals Veeam Software and Veritas atop the latest Forrester Wave. Commvault, Rubrik and Veritas took the gold, silver and bronze, respectively, for the strength of their current data resilience offerings.
The attack earlier this year that compromised systems and data at LastPass is more extensive than the password management software provider previously revealed. LastPass says the attacker downloaded from the cloud backups of multiple users' encrypted password vaults, as well as unencrypted URLs.
The Essential Eight is a prioritised list of core mitigation strategies developed by The Australian Cyber Security Centre (ACSC) to assist organisations in protecting their systems against a range of attacks. The Australian Signals Directorate (ASD) considers the Essential Eight as one of the most effective defence...