authentication Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

authentication

Gatekeeping Digital Realms: Top tips for effective Authentication in cybersecurity

 960 640 Stuart O'Brien
By:
0
0

The first line of defence in protecting digital assets and data is effective user authentication. Ensuring the right individuals have access to your systems is paramount to maintaining a robust cybersecurity posture. Here, we explore key tips for optimising your authentication processes…

  1. Adopt Multi-Factor Authentication (MFA): MFA adds an extra layer of security to your authentication process by requiring users to provide at least two forms of identification before accessing the system. These typically include something the user knows (password), something the user has (a physical token or smartphone), and something the user is (biometrics). MFA significantly reduces the risk of unauthorized access.
  2. Implement Strong Password Policies: Encourage the use of complex, unique passwords and regular password changes. Tools that generate random passwords can help users create strong passwords, and password managers can assist in securely storing them.
  3. Biometric Authentication: Biometric systems that use fingerprint scanning, facial recognition, or voice patterns provide a high level of security and can be more user-friendly. However, consider the privacy implications and ensure the biometric data is stored securely.
  4. Risk-Based Authentication: This form of authentication assesses the risk associated with a user request and adapts the authentication process accordingly. For instance, if a login attempt comes from an unfamiliar location, the system might require additional identity verification.
  5. Leverage Authentication Protocols: Employ protocols like SAML (Security Assertion Markup Language) or OAuth for single sign-on solutions. These protocols allow users to authenticate multiple applications and services with one set of credentials, increasing user convenience without compromising security.
  6. Secure Your Authentication Data: Any data involved in the authentication process must be stored securely. This often means using encryption and hashing algorithms to protect data both at rest and in transit.
  7. Educate Your Users: Regardless of the authentication technology you use, user behaviour plays a critical role in maintaining security. Regularly train your users to recognise and avoid potential threats, such as phishing attempts that aim to steal credentials.
  8. Ensure System Interoperability: The authentication solutions you choose should play well with the rest of your IT infrastructure. Ensure your authentication methods are compatible with the systems and software you’re using.
  9. Regular Auditing: Regularly audit your authentication processes to identify potential weaknesses or areas for improvement. This includes keeping track of who has access to your systems and making necessary adjustments.
  10. Be Ready for Changes: The field of cybersecurity is dynamic and constantly evolving, and so are authentication technologies. Be prepared to update or change your authentication methods as new threats emerge or better solutions are developed.

Implementing robust authentication processes is essential for maintaining cybersecurity. By adopting multi-factor authentication, implementing strong password policies, leveraging biometric and risk-based authentication, and regularly auditing your authentication processes, you can greatly enhance your organisation’s security.

As always in cybersecurity, the key is to stay vigilant, adaptable, and proactive.

Are you looking for Authentication solutions for your business or organisation? The Security IT Summit can help!

Image by Biljana Jovanovic from Pixabay

Do you specialise in Authentication? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in July we’re focussing on Authentication solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Authentication solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jenny Lane on j.lane@forumevents.co.uk.

Here’s our full features list:

July – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management
Jan 2024 – Anti Virus
Feb 2024 – Access Control
Mar 2024 – Intrusion Detection & Prevention
Apr 2024 – Phishing Detection
May 2024 – Advanced Threat Dashboard
Jun 2024 – Browser/Web Security

Do you specialise in Authentication? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0
Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in July we’re focussing on Authentication solutions. It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today. So, if you’re an Authentication solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk. Here’s our full features list: July – Authentication Aug – Penetration Testing Sep – Vulnerability Management Oct – Employee Security Awareness Nov – Malware Dec – Network Security Management

Do you specialise in Authentication Security? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
9

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in July we’re focussing on Authentication solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Authentication solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

July – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

Do you specialise in Authentication solutions? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in July we’re focussing on Authentication solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Authentication solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

Financial services organisations ‘increasingly prone to authentication and DDoS attacks’

 960 640 Stuart O'Brien
By:
0
0

Financial services organisations have experienced a significant increase in the number of authentication and distributed denial of service (DDoS) attacks over the past three years.

That’s according to research from F5 Labs, which says the opposite was true of web attacks, which were notably down during the same period.

The analysis, which examined customer security incident response (SIRT) data from 2017-2019, covered banks, credit unions, brokers, insurance, and the wide range of organisations that serve them, such as payment processors and financial Software as a Service (SaaS).

On average, brute force and credential stuffing constituted 41% of all attacks on financial services organisations over the full three-year period. The percentage of attacks grew from 37% in 2017 to a high point of 42% in 2019.

Brute force attacks involve a bad actor attempting large volumes of usernames and passwords against an authentication endpoint. Other forms of brute force attacks simply use common lists of default credential pairs (for example, admin/admin), commonly used passwords, or even randomly generated password strings.

Occasionally, brute force attacks leverage credentials that have been obtained from other breaches. These are then used to target the service in an attack known as “credential stuffing.” 

Delving deeper, F5’s SIRT team found that there were clear regional variations in attack trends. In EMEA, brute force and credential stuffing attacks only amounted to 20% of the total, which is higher than the 15% observed in Asia Pacific but significantly lower than North America’s 64%. The latter is likely driven by a large volume of existing breached credentials.

“The first indications of an authentication attack are often customer complaints about account lockouts, rather than any sort of automated detection,” said Raymond Pompon, Director at F5 Labs.

“Early detection is key. If defenders can identify an increase in failed login attempts over a short period of time, it gives them a window of opportunity to act before customers are affected.”

DDoS attacks were the second biggest threat to financial services organisations, accounting for 32% of all reported incidents between 2017 and 2019. It is also the fastest growing threat. In 2017, 26% of attacks on financial services organisations focused on DDoS.  The figure soared to 42% in 2019.

Yet again there were distinct regional variations. 50% of all attacks reported in EMEA over the three-year period were DDoS-related. Asia Pacific was similarly affected with 55%, but the volume dropped to 22% in North America.

According to F5 Labs, denial-of-service attacks against financial service providers usually target either the core services used by customers (such as DNS) or the applications that allow users to access online services (i.e. viewing bills or applying for loans). Attacks are often sourced from all over the world, likely via the use of large botnets that are either rented out by attackers, or purpose-built from compromised machines.

“The ability to quickly identify the characteristics of traffic when under attack conditions is critically important. It is also vital to quickly enable in-depth logging for application services in order to identify unusual queries,” Pompon explained.

While authentication and DDoS attacks continue to spread, there was also a concurrent dip drop in web attacks against financial services organisations. In 2017 and 2018, they accounted for 11% of all incidents. In 2019, it was just 4%. 

“While it is difficult to determine causality, one likely factor driving this trend is the growing sophistication of properly implemented technical controls such as web application firewalls (WAFs),” said Pompon.

F5 Labs’ 2018 Application Protection Report found that a greater proportion of financial organisations tend to deploy WAFs (31%) than the average across all industries (26%).

Most of the web attacks recorded by the F5 SIRT centred on APIs, including those related to mobile authentication portals and Open Financial Exchange (OFX). Web scraping –copying content for the purpose of creating realistic phishing pages – was also in evidence. 

F5 Labs suggests that web attacks against financial services targets tend to be more persistent compared to other sectors – partly due to the cybercriminals’ precise targeting and the potential high value of success.

F5 Labs’ analysis concludes that, although the financial services industry tends to require less convincing about the merits of substantive security programs, there is no room for complacency.

“Despite the valuable assets at stake, it can still be a challenge to convince some organisations of the need for multifactor authentication, which probably represents the most impactful way to prevent nearly all access-style attacks like brute force, credential stuffing, and phishing,” said Pompon.

“Having said that, there is still a lot that can be done. On the preventative side this includes hardening APIs and implementing a vulnerability management program that features external scanning and regular patching. On the detective side, it is critical to continually monitor traffic for traces of brute force and credential stuffing. As ever, it is essential to develop, and regularly practice, procedures for incident response that address all risks.”

Do you specialise in Authentication solutions? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in July we’re focussing on Authentication solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Authentication solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here are the areas we’ll be covering, month by month:

Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

For information on any of the above topics, contact Chris Cannon on c.cannon@forumevents.co.uk.

Image by ar130405 from Pixabay

Do you specialise in Authentication Systems? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – in August we’re focussing on Authentication Systems.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Authentication specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Lisa Carter on lisa.carter@mimrammedia.com.

Here are the areas we’ll be covering, month by month:

August – Authentication

September – Penetration Testing

October – Vulnerability Management

November – Employee Security Awareness

December – Malware

For information on any of the above topics, contact Lisa Carter on lisa.carter@mimrammedia.com.