CIO article for Tanium by Jason Bloomberg
The post-pandemic reality. Macroeconomic turbulence. Explosive technology innovations. Generational shifts in technological expectations. All these forces and more drive rapid, often confusing change in organizations large and small.
With every such change comes opportunity–for bad actors looking to game the system. Cybersecurity cannot stand still, or the waves of innovation will overrun the shores.
Adversaries continue to innovate. Keeping up–and hopefully, staying ahead–presents new challenges. Here is a short list of recent considerations for CIOs as they work with their teams to shore up their defenses.
Multifactor authentication fatigue and biometrics shortcomings
Multifactor authentication (MFA) is a popular technique for strengthening the security around logins. With MFA, the website or application will send a text message or push notification to the user with a code to enter along with their password.
MFA fatigue or ‘push phishing’ is a popular hack that targets MFA by repeatedly sending the user superfluous, malicious MFA notifications in hopes they inadvertently accept one or simply click to stop the annoying flood of messages.
In other cases, MFA includes a biometric step–reading a fingerprint, scanning a face, and the like. Users appreciate the convenience of biometrics, but they have their flaws as well.
Sometimes they simply don’t work, perhaps due to a change in contact lenses or a new tattoo. Any spy thriller aficionado will also know it’s possible to ‘steal’ someone’s fingerprint or facial image–and once an individual’s biometric is compromised, there’s no way to change it the way we change passwords.
