sb-nz logo
Story image

FIDO: The word that could defeat phishing attacks once and for all

20 Feb 2020

Phishing attacks are a longstanding cornerstone of cyber attack methods. Even after years of attacks and defenses, there are plenty more phish in the sea - and people are still getting hooked.

Phishing has gone far beyond dodgy looking emails that ask people for their login details to a bank they never even bank with – now phishing emails and tactics are so convincing that even seasoned tech addicts are being fooled.

Unfortunately, phishing attacks could be here to stay. According to a recent survey from RSA and the SANS Institute, 42% of organisations have suffered a loss event or realised risk as a result of a careless employee, external threat actor, or a negligent third party.

Phishing is a socially motivated attack method that preys on people’s inattention and fear. Attackers know that sometimes they don’t need to attack the technology – they just need to attack people instead.

If an employee working in finance sees a ‘request’ from their manager for a fund transfer, it could be another normal day in the office for them. Except it only takes one phishing email and one fake request for a company to lose money, sensitive data, and much more.

It is a difficult situation for organisations to mitigate. Sure, there are prevention, detection and monitoring systems, two-factor authentication and an endless process of education. RSA says it’s a classic arms race, where the attackers collaborate, produce easy-to-use attack tools that make their job much easier and defenders’ jobs much, much harder.

Until recently. The security industry is starting to collaborate. The FIDO Alliance is one collaborative effort backed by some of the world’s biggest security firms, including RSA.

FIDO is acronym you may have seen or heard in conversations about security. FIDO stands for Fast Identity Online, an authentication method that uses open standards across hardware and software to prevent attacks.

FIDO and FIDO2 may come in the form of a hardware key, it could be embedded in a mobile device or App and works seamlessly over modern web browsers.

FIDO promotes the use of this hardware and software to prevent the possibility of man-in-the-middle attacks from tricking any user into clicking their nefarious website (that happens to look like a copy of a genuine website). Even if an employee clicks on a link (and let’s face it – they probably will), with the FIDO-instrumented authentication technology this attack will utterly fail.

Talk to RSA about how phishing prevention technologies like FIDO can protect your business, your employees, and your mission-critical assets.

Learn more about easy and passwordless authentication here.

Story image
IBM integrates Okta identity solutions to cloud offerings
“We’re excited to formalise the partnership to provide our joint customers with the technology to help secure their organisations.”More
Story image
Google Chrome postpones changing cookie policy in wake of COVID-19
Google Chrome says it began enforcing secure-by-default handling of third-party cookies with its release of the Chrome 80 update in February. But now the work has been postponed due COVID-19.More
Story image
Forcepoint unveils impressive channel recruits across APAC and ANZ
Cybersecurity firm Forcepoint has named four new key appointments to its leadership team as it looks to strengthen its channel, strategy and sales lineup across the Asia Pacific and Australian New Zealand regions.More
Story image
Online retailers lose millions as 1/3 of customers forget password at checkout
Recently released research has found about one in three of online purchases are abandoned at checkout because people cannot remember their password to access their account and confirm their purchase.More
Story image
Acronis mobilises the home office in the remote working age
One of the biggest changes for Acronis, like many companies, is the transition that allows all employees to work from home.More
Story image
80% of cyber threat landscape uses COVID-19 as leverage - report
A report released recently by Proofpoint reveals the extent to which cyber attackers are capitalising on fear and paranoia surrounding the pandemic, with instances of coronavirus-themed attacks increasing every day.More