Duo's Security Blog

SEPTEMBER 16, 2021

At Duo, we're building a passwordless authentication solution that’s as easy to set up as it is to use – with our world-class security baked in. See the video at the blog post. Your Journey Begins with Multi-Factor Authentication See the video at the blog post. Advisory CISO J. Our experts have you covered.

Authentication 93

Authentication Passwords Phishing CISO 93

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. Until a fully password-free environment is deployed, accepted, and adopted by all users, less secure methods of authentication will still be relied on.

Authentication 112

Authentication Passwords Data breaches Phishing 112

Duo's Security Blog

JANUARY 23, 2024

Additionally, Chief Information Security Officers (CISOs) have also been under scrutiny for the actions they’ve taken to address these issues. WebAuthn addresses this attack vector by requiring strong MFA as it requires physical human interaction when authenticating. Can your organization exclusively support WebAuthn?

Authentication 75

Authentication Accountability CISO Technology 75

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. We added multi-factor authentication (MFA) – something you know and something you have or are. What is passwordless?

Authentication 114

Authentication Passwords Password Management Phishing 114

Duo's Security Blog

SEPTEMBER 1, 2023

We’ve been answering these questions in this blog series by unpacking the pros and cons of passkey technology from different authentication perspectives. Today, we’re focusing on how passkeys compare to passwords when it comes to authenticating on cloud sites. Want to dig in deeper on the password vs. passkey debate?

Passwords 60

Passwords Authentication Phishing Technology 60

Duo's Security Blog

FEBRUARY 8, 2021

Setting Up an Instant Registration Database You don’t know who’s going to sign up and register, and you don’t have time to integrate it with any databases you have with citizen data in order to uniquely identify and authenticate them. This does a bit of authentication by proving possession of the email address that was registered.

CISO 81

CISO Passwords Authentication Accountability 81

The Last Watchdog

APRIL 13, 2022

Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. Cybersecurity and Infrastructure Security Agency (CISA) has started a campaign to increase awareness of these risks to U.S. businesses called #ShieldsUp.

Cybersecurity 214

Cybersecurity Cybercrime Education Government 214

Security Boulevard

FEBRUARY 13, 2022

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management ( IAM ) and cyber security risks in 2022? Related: How IAM authenticates users. Here are a few important issues that … (more…).

CISO 52

CISO Authentication Risk Security Awareness 52

Duo's Security Blog

OCTOBER 18, 2022

By this point, we’re all familiar with the list of requirements for a strong password: unique, long, memorable, free from any personal information… But even the strongest passwords can pose a risk if they’re the only thing standing between your users and enterprise content.

Insurance 57

Insurance Passwords Cyber Insurance Authentication 57

Security Boulevard

MARCH 19, 2021

<a href='/blog?tag=Inbound tag=Inbound Threats'>Inbound Threats</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Email Yet they are not without risk in terms of cybersecurity. Social engineering lures are a good example. Request a Demo. Featured: .

Cybersecurity 119

Cybersecurity CISO Social Engineering Technology 119

Thales Cloud Protection & Licensing

MARCH 6, 2020

In my family, we regularly ‘unplug’ and use the opportunity to discuss cyber awareness and topics such as the risks to our family information, how we can improve personal safety, and what are we doing to prevent identify theft. Before implementing any long-term security strategy, CISOs must first conduct a data sweep.

Encryption 130

Encryption Authentication Passwords CISO 130

Duo's Security Blog

MARCH 5, 2021

We covered differentiating user authentication methods in our last video. Next we will discuss Step 2: Enrollment and Self-Remediation Step 2: Enrollment and Self-Remediation See the video at the blog post. We have created myriad resources that make it easy to get started with Duo. Here are five easy steps to get you on your way.

CISO 52

CISO Authentication Software Data breaches 52

Duo's Security Blog

NOVEMBER 10, 2020

The time has come where we analyze authentication data and produce our wildly popular Duo Trusted Access Report. The report examines 26 million devices used for work and 700 million user authentication events per month to more than 500,000 unique corporate applications, based on de-identified and aggregated data from Duo’s customer base.

Authentication 59

Authentication CISO VPN Technology 59

Cisco Security

AUGUST 11, 2021

In case you missed them, below is a brief recap of some of the Cisco sessions, including a fight that almost broke out between the Incident Response (IR) team represented by Matt Olney, Talos’ Intel Director, and Wendy Nather, Head of Advisory CISOs. Read on for details…. ” -Wendy Nather. Don’t Set It and Forget It.

Backups 136

Backups CISO Ransomware Cyber Attacks 136

Security Boulevard

OCTOBER 10, 2022

Yes, we even have email encryption of all outbound messages with complete data loss prevention enabled with multi-factor authentication! With over 1000 plus vendors going to great lengths to show their greatest over their competitors, the consuming enterprise CISO and CIO will continue to breach, data exfiltration, and ransomware.

Cybersecurity 105

Cybersecurity Digital transformation CISO Firewall 105

Duo's Security Blog

FEBRUARY 17, 2021

Checking status at the point of entry helps mitigate this risk in a practical and immediate way.” — Richard Archdeacon, Advisory CISO, Duo Security But there was a limited time frame to make patches work. The question may arise as to why this is needed if the user has to authenticate themselves and prove their identity.

CISO 103

CISO Risk Backups Security Awareness 103

The Last Watchdog

MARCH 1, 2023

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. The increasing prevalence of code and services means that software- and code-related risks will not dissipate any time soon.

Authentication 222

Authentication CISO Passwords Software 222

McAfee

NOVEMBER 30, 2021

Relying on the kindness of strangers is not an ideal strategy for CISOs and CIOs. In addition, the more integrations that enterprises accept, the higher the level that their risk is. A good environment will start with strict authentication, making sure that the user from the partner is really that authorized user.

CISO 65

CISO Digital transformation Manufacturing Risk 65

BH Consulting

MARCH 21, 2024

Creeping cyber risk grabbing global headlines Ransomware keeps reminding us of the strong connection between a cybersecurity incident and financial loss. Scale is a factor: larger organisations seem better equipped than SMEs to react to risks. MORE Jane Frankland argues that making CISOs into heroes isn’t helpful. for $50,000.”

Cyber threats 69

Cyber threats Ransomware Healthcare Risk 69

CyberSecurity Insiders

JUNE 24, 2021

As #RansomwareWeek draws to a close here on the (ISC)² blog, we turn our attention to how organizations can defend themselves. Conduct risk assessments and penetration tests to determine the organization’s attack surface and what tools, processes and skills are in place to defend against attacks. Initial Assessments. User Training.

Ransomware 103

Ransomware Backups Penetration Testing Education 103

SC Magazine

MARCH 19, 2021

She said CopperStealer, which Proofpoint fully describes in a blog post , exhibits many of the same targeting and delivery methods as SilentFade, a Chinese-sourced malware family first reported by Facebook in 2019. Users should turn on two-factor authentication for their service providers.”.

Malware 113

Malware Media Passwords Accountability 113

The Last Watchdog

JANUARY 13, 2021

Once children have identified the rewards of being part of the online world and the risks they want to avoid, they can come up with ways to help protect and care for themselves. Similarly, teaching concepts like the value of information and the importance of privacy and discretion can be made simple for children. Encourage privacy behaviors.

Scams 203

Scams Education Password Management Passwords 203

Security Boulevard

FEBRUARY 11, 2021

By Curtis Simpson, CISO. We’re vulnerable, we’re under attack, but we’re not yet moving fast enough in gaining full visibility into our critical OT environments and our integrated unmanaged devices that are at risk for exploitation or disruption with potentially material impacts. Hackers Tap into Oldsmar Water Facility.

Energy and Utilities 52

Energy and Utilities CISO Risk Penetration Testing 52

Cisco Security

AUGUST 30, 2021

This massive explosion in device growth will increase reliance on APIs which brings increased security risk. Besides unauthorized data exposure from the earlier example, unsecured APIs are ripe for all the risks outlined in the OWASP API Top 10 list. It represents a broad consensus about the most critical security risks to APIs.

Software 109

Software Authentication Risk Encryption 109

Centraleyes

NOVEMBER 1, 2023

This blog post will delve into the fundamental principles underpinning effective information security principles and practices. Maintaining confidentiality involves implementing access controls, encryption, and user authentication mechanisms to restrict access to data based on user roles and permissions.

Information Security 52

Information Security Encryption Risk Authentication 52

Security Boulevard

MARCH 24, 2022

Lapsus$ has used tactics such as social engineering, SIM swapping, and paying employees and business partners for access to credentials and multifactor authentication approvals. Per Okta, the incident was mitigated within hours of the initial compromise and is no longer a security risk. What happened in the Okta attack?

Accountability 59

Accountability Authentication Passwords Social Engineering 59

Thales Cloud Protection & Licensing

FEBRUARY 8, 2019

We’ve also addressed what key executives, especially CISOs, should be thinking about as data moves and is accessed across their organizations. While we have an appreciation for the risks enterprises face overall, security concerns are crucial for all. Now, we turn our attention to best practices for data security.

Digital transformation 54

Digital transformation Encryption Threat Reports CISO 54

eSecurity Planet

OCTOBER 29, 2021

“In addition to SolarMarker, the Menlo Labs team has seen a rise in attacks designed to target users, as opposed to organizations, bypassing traditional security measures,” the researchers wrote in a blog post this week. Compromising Devices through Search Results. They said the developers of SolarMarker were likely Russian-speaking.

Malware 109

Malware Ransomware Antivirus CISO 109

DoublePulsar

DECEMBER 3, 2023

This one was, to me, clearly going to be a major issue as it allowed the bypass of multi-factor authentication controls, it didn’t log exploitation and it was easy to exploit. legitimately an (inter)national security risk that is going to keep escalating until something goes very wrong, I fear.

Ransomware 98

Ransomware Cybersecurity Healthcare Government 98

Duo's Security Blog

JANUARY 8, 2021

Setting that aside for the moment, a significant number of organizations deployed strong authentication , adaptive and risk-based access , endpoint device health , and brought these tactics together to secure people working in ways we never imagined back in 2019. Well, it was. But then it wasn’t.

Digital transformation 47

Digital transformation Phishing Authentication DDOS 47

Duo's Security Blog

NOVEMBER 17, 2020

In the rush to move to a work from home (WFH) workforce — maintaining security remotely took a backseat to productivity and survival and risk. “In In the future — which is now, actually — ‘remote access’ will just become ‘access.'" — Wendy Nather, head of advisory CISOs at Cisco's Duo Security The Remote Access Guide Version 3.0

Risk 42

Risk Passwords CISO VPN 42

Security Boulevard

DECEMBER 21, 2021

Authentication. Recommendations for Mitigating the Risk of Software Vulnerabilities ” outlines 19 practices organized into the following four categories: Prepare the organization (PO). Design software to meet security requirements and mitigate security risks (PW.1). Provide secure authentication features. Access control.

Software 59

Software Architecture Risk Penetration Testing 59

Duo's Security Blog

JUNE 15, 2023

Third party security risk is an issue that frequently comes up in my discussions with clients. Meanwhile, Prevalent noted that companies are currently big on exposure but small on preparation, with a staggering 45% still relying on manual spreadsheets to assess third party risk. Control the risk. How simple is the solution?

Risk 126

Risk Authentication Phishing Insurance 126

Security Boulevard

OCTOBER 18, 2022

SaaS use in organizations is growing rapidly , and it is largely ungoverned, meaning that companies are likely failing to comply with their own security, risk and data compliance policies. Security issues related to SaaS are an increasingly troublesome area of risk for organizations, and this is likely to continue.

Risk 52

Risk CISO Architecture Marketing 52

Security Boulevard

JULY 3, 2023

The transformation of IT infrastructure moving to SaaS is happening at a rapid rate , and CISOs realize the need for robust security measures that address the unique challenges SaaS creates. It involves verifying user identities, controlling access to resources and ensuring proper authentication and authorization processes.

Authentication 59

Authentication Accountability Risk Data breaches 59

The Last Watchdog

FEBRUARY 14, 2022

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management ( IAM ) and cyber security risks in 2022? Related: How IAM authenticates users. Multi-Factor Authentication ( MFA ) can tremendously increase their access security and prevent phishing and social engineering attacks.

CISO 245

CISO Social Engineering Authentication Risk 245

Security Boulevard

OCTOBER 10, 2022

Also like humans, machines must be authenticated to be trusted. Once authenticated using their identity, the machine can then be authorized to access data or resources. Authentication to determine trustworthiness of a machine identity. Reduce the risk of misuse and compromise by the bad guys who use identities in their attacks.

Digital transformation 59

Digital transformation Software Authentication InfoSec 59