The Covid-19 pandemic has created many new challenges for businesses, in most cases accelerating their digital transformation. However, because cybercriminals adapt to the new landscape much faster than big enterprises do, cybersecurity has become a primary concern. Ransomware, phishing, malware and disinformation are the most common tools used by cybercriminals during the ongoing pandemic. Last year, the number of data breaches and compromised records, as well as ransomware attacks, reached an all-time high – ZDNet reported that “More data records have been compromised in 2020 alone than in the past 15 years combined”. At the same time, the number of known ransomware attacks increased by nearly 60%.
The real cost of cybersecurity weakness
These numbers translate into huge financial losses. The average cost of recovery from a cyber-attack is now estimated to be about $2 million. Meanwhile, the average ransom paid in 2021 was $170,404. It means that the ransomware recovery costs for businesses have more than doubled in the past year (Sophos State of Ransomware Report 2021). What is the reason behind most data breaches? Verizon’s 2020 DBIR reports that 80% of hacking-related breaches involve brute force or the use of lost or stolen credentials. Passwords have been a weak point in the security chain for decades. Is it time to finally forget them? If so, where should we look for more comprehensive, modern and secure solutions to strengthen our cybersecurity?
What you need to know about Passwordless Authentication
Passwordless authentication is all about making the authentication process more convenient and more secure at the same time. It aims to eliminate passwords, passphrases, and other shared secrets from authentication, because these are the easiest elements for cybercriminals to steal. The main goal of these solutions is to raise the security level by improving the user experience. The most popular passwordless authentication methods are:
- one-time password authorization codes (OTP)
- push-based authentication tools
- confirmation links
- hardware tokens
- digital certificates
- hybrid fraud detection systems (complex solution)
Due to growing security awareness, these methods are becoming more and more popular. In May 2020, during World Passwordless Day, Microsoft proclaimed that more than 150 million people use passwordless login in the company’s online services every month. There is a strong reason behind the success of passwordless methods: such solutions reduce complexity and increase security at the same time. By decoupling authentication from single identity systems, organizations can unify their authentication mechanism with a single, consistent, and fast login experience that promotes productivity and customer engagement.
The biggest threats are those you do not know yet
Usability often takes a backseat in companies’ security strategy, but today we know that improving the user experience is a key driver of better business security. There is just one tiny hitch. In practice, despite being effective, most passwordless solutions can also be problematic. If the authentication process requires an additional action from the user, the risk of a data breach increases significantly. That is because some passwordless methods also have several well-known weaknesses: OTP codes are easy to grab, SMS codes are easy to steal, SIM cards are easy to duplicate, and email links are easy to grab (many attacks start from an email takeover).
Hardware tokens give a high level of security, but these days an additional security device dedicated to an individual service can hardly be seen as anything other than an inconvenience. What is more, static security solutions are slow to adapt to new risks. Any type of threat can easily cut users off from services or expose their data. However, there is actually a good alternative to traditional MFA (multi-factor authentication) tools. Take a look at adaptive, rule-based solutions, which process information from several independent modules to calculate a cumulative session security score.
Analyze, protect & adapt to threats thanks to an innovative approach
Adaptive Security Architecture, a modular, fast and user-friendly solution, allows organizations to assess risks and automatically apply proportional security enforcement. This software incorporates:
- device/browser fingerprinting
- behavior-based security
- malware detection
- network analysis
- application and anti-tamper monitoring
- configuration analysis (misconfiguration detection)
- user historical activity
How does Adaptive Security work in practice? Each module calculates a security score for a user action by collecting device and software data and exchanging it with the AI engine via a cryptographic channel. Thanks to this method, the risk is always calculated on the basis of contextual information. Current and historical facts are constantly processed to detect any type of anomaly. If the security score is low and critical attributes are below the threshold, the operation is blocked or requires additional confirmation steps, such as 2FA authorization. Equally important, each time a user tries to access the company’s resources, the final operation result is sent to the engine to reduce false positive scores in the future.
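The scoring and enforcement flow described above, as an added example that is not the product's own code. Module names follow the list in this article; the weights, thresholds, choice of critical modules and the moving-average feedback rule are assumptions made for illustration.

```python
# Added example. Weights, thresholds, critical modules and the feedback rule
# are assumptions for illustration, not the product's real values.
WEIGHTS = {
    "device_fingerprint": 0.20, "behavior": 0.20, "malware": 0.20,
    "network": 0.15, "app_integrity": 0.10, "configuration": 0.05,
    "user_history": 0.10,
}
CRITICAL_FLOORS = {"malware": 0.30, "app_integrity": 0.30}
ALLOW_AT = 0.75     # cumulative score needed to proceed without extra steps
BLOCK_BELOW = 0.40  # under this score a failed critical module blocks


def session_score(scores):
    """Weighted sum of module scores in [0, 1]; a silent module counts as 0."""
    return sum(w * min(max(scores.get(m, 0.0), 0.0), 1.0)
               for m, w in WEIGHTS.items())


def decide(scores):
    """Return (decision, score, failed_critical_modules)."""
    score = session_score(scores)
    failed = sorted(m for m, floor in CRITICAL_FLOORS.items()
                    if scores.get(m, 0.0) < floor)
    if score < BLOCK_BELOW and failed:
        decision = "block"
    elif score >= ALLOW_AT and not failed:
        decision = "allow"
    else:
        decision = "step_up"  # e.g. require 2FA before continuing
    return decision, round(score, 3), failed


def update_history(previous, confirmed, alpha=0.2):
    """Feed the final outcome back: moving average of confirmed operations."""
    return round((1 - alpha) * previous + alpha * (1.0 if confirmed else 0.0), 3)


# Constructed sample sessions (not real telemetry).
KNOWN_DEVICE = {"device_fingerprint": 0.9, "behavior": 0.9, "malware": 1.0,
                "network": 0.8, "app_integrity": 1.0, "configuration": 0.8,
                "user_history": 0.9}
NEW_DEVICE = {"device_fingerprint": 0.2, "behavior": 0.6, "malware": 1.0,
              "network": 0.5, "app_integrity": 1.0, "configuration": 0.8,
              "user_history": 0.5}
INFECTED = {"device_fingerprint": 0.3, "behavior": 0.2, "malware": 0.0,
            "network": 0.3, "app_integrity": 0.1, "configuration": 0.5,
            "user_history": 0.4}
MASKED = dict(KNOWN_DEVICE, malware=0.2)  # high average hides a critical signal

if __name__ == "__main__":
    for name, s in [("known", KNOWN_DEVICE), ("new", NEW_DEVICE),
                    ("infected", INFECTED), ("masked", MASKED)]:
        print(name, decide(s))
```

The `MASKED` session shows why critical attributes are checked separately from the cumulative score: a weighted average alone would let one failing module be outvoted by the others.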
Main benefits of Adaptive Security
The Adaptive Security approach uses a combination of integrated measures to help businesses stay ahead of cybercriminals. Thanks to its modular architecture, it can easily be dialed up or down according to current needs and combined with a flexible financial plan. By collecting information from multiple independent sources, it calculates a security score to protect data and systems in as agile a way as possible. The Covid-19 pandemic has changed a lot about how we do business, and it now requires a shift in our security mindset: an incident-response approach is no longer acceptable and has to be changed into a continuous one. Adaptive Security is a way to do just that: adapt businesses to the new environment faster than cybercriminals adapt themselves.