Page 113 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
circumventing onerous technology and security controls than we do in building the habits and behaviors
that would reduce overall risk in our organizations.
Compromised credentials and poor access controls—both of which involve usernames and passwords—
are the reason some 15 billion identity records circulate across the dark web today. The problem has
become so critical that last year’s OWASP top 10 named “Broken Access Control” as the number-one
risk. To reverse this trend – and literally save us from ourselves, from our lax behaviors and ineffective
controls – we must look to technologies that reduce or eliminate human error by design.
Organizations the world over have woken up to the fact that compromised credentials, at the root of
more than 80% of all breaches, are their biggest threat. In other words, awareness of the problem has
finally caught up with what the data have demonstrated for years, and we now recognize that addressing
a few key access points with passwordless options or biometric solutions doesn’t go far enough to
address the root cause.
2022 is the year to go passwordless.
Because passwords are easy to discover and exploit–and because they’re plentiful—if organizations
don't embrace the passwordless trend, bad actors will continue logging in with stolen passwords and
companies will continue to suffer breaches.
2022 is also the year to stop pretending that existing two-factor (2FA) and multifactor (MFA)
authentication tools will deliver anything more than marginal improvements to a poor security posture.
The massive levels of user friction and workflow interruption alone are good reasons to stop investing in
2/MFA because they hinder widespread adoption and use of the technology; the fact that such solutions
also do nothing to curtail phishing attacks, ransomware, credential stuffing, man-in-the-middle, SIM
swaps, push bombing, and other popular attack vectors means organizations cannot depend on them to
secure the devices and work products of remote and hybrid workers.
We’re seeing more and more business leaders starting to prioritize budgets and fast-track
proof-of-concept (POC) engagements to find passwordless solutions that will work across the enterprise at every
access point. Successful deployments will reduce IT complexity, streamline use-case support, and offer
a seamless user experience–one that enables people to log in easily and securely from anywhere in the
world without using vulnerable passwords.
Advanced passwordless solutions are embedded in continuous authentication models that remove the
zero-sum trade-off between better security and a better user experience by allowing users to authenticate
into workstations, physical doors, and other sensing assets simply by being close to them; they also
deploy AI/ML to approximate distance from sensing objects without requiring pairing or further
interactions to work. They use behavior pattern analysis to authenticate intended users and remove
access from unintended users. Importantly, they also empower enterprises to consolidate solutions,