SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
FIDO: The word that could defeat phishing attacks once and for all

Thu, 20th Feb 2020

Phishing attacks are a longstanding cornerstone of cyber attack methods. Even after years of attacks and defenses, there are plenty more phish in the sea - and people are still getting hooked.

Phishing has gone far beyond dodgy-looking emails that ask people for their login details to a bank they never even bank with – now phishing emails and tactics are so convincing that even seasoned tech addicts are being fooled.

Unfortunately, phishing attacks could be here to stay. According to a recent survey from RSA and the SANS Institute, 42% of organisations have suffered a loss event or realised risk as a result of a careless employee, external threat actor, or a negligent third party.

Phishing is a socially motivated attack method that preys on people's inattention and fear. Attackers know that sometimes they don't need to attack the technology – they just need to attack people instead.

If an employee working in finance sees a 'request' from their manager for a fund transfer, it could be another normal day in the office for them. Except it only takes one phishing email and one fake request for a company to lose money, sensitive data, and much more.

It is a difficult situation for organisations to mitigate. Sure, there are prevention, detection and monitoring systems, two-factor authentication and an endless process of education. RSA says it's a classic arms race, where the attackers collaborate and produce easy-to-use attack tools that make their job much easier and defenders' jobs much, much harder.

Until recently. The security industry is starting to collaborate. The FIDO Alliance is one collaborative effort backed by some of the world's biggest security firms, including RSA.

FIDO is an acronym you may have seen or heard in conversations about security. FIDO stands for Fast Identity Online, an authentication method that uses open standards across hardware and software to prevent attacks.

FIDO and FIDO2 authenticators may come in the form of a hardware key or be embedded in a mobile device or app, and they work seamlessly with modern web browsers.

FIDO promotes the use of this hardware and software so that a man-in-the-middle attacker who tricks a user into visiting a nefarious website (one that happens to look like a copy of a genuine website) gains nothing. Even if an employee clicks on a link (and let's face it – they probably will), with FIDO-instrumented authentication technology this attack will utterly fail.
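The reason the attack fails is that a FIDO2/WebAuthn credential is bound to the relying party's identifier and origin: the browser, not the page, records the origin it is actually on, and the authenticator signs over a hash of that data together with a hash of the RP ID, so an assertion produced on a lookalike domain is either never issued or is rejected by the genuine site. The toy model below is an added example written for this page; it is not RSA's, the FIDO Alliance's or any browser's code. The domain names, the single-origin allow-list and the HMAC-based "signature" are constructed assumptions (a real authenticator uses an asymmetric ECDSA or EdDSA key pair; HMAC with a per-credential secret stands in for it so the sample runs with only the Python standard library).

```python
"""Toy model of the origin binding that makes FIDO2/WebAuthn phishing-resistant.
Constructed example; HMAC stands in for the real asymmetric credential key."""
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

RP_ID = "example.com"                  # constructed relying party ID
RP_ORIGINS = {"https://example.com"}   # origins the RP accepts (assumption)


class Authenticator:
    """Holds credentials scoped to the RP ID they were registered for."""

    def __init__(self):
        self._creds = {}  # cred_id -> (rp_id, secret)

    def make_credential(self, rp_id):
        cred_id = secrets.token_bytes(16)
        secret = secrets.token_bytes(32)
        self._creds[cred_id] = (rp_id, secret)
        # A real authenticator hands back a public key; in this toy model the
        # RP stores the HMAC secret in its place.
        return cred_id, secret

    def get_assertion(self, rp_id, cred_id, client_data_hash):
        entry = self._creds.get(cred_id)
        if entry is None or entry[0] != rp_id:
            raise LookupError("no credential registered for this RP ID")
        _, secret = entry
        # authenticatorData = rpIdHash (32 bytes) || flags (user present)
        auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01"
        sig = hmac.new(secret, auth_data + client_data_hash, hashlib.sha256).digest()
        return auth_data, sig


def browser_get(authenticator, page_origin, rp_id, cred_id, challenge):
    """Models navigator.credentials.get(): the browser fills in the origin
    itself and refuses RP IDs the page is not allowed to claim."""
    host = urlparse(page_origin).hostname
    if not (host == rp_id or host.endswith("." + rp_id)):
        raise PermissionError("rpId is not a registrable suffix of the page origin")
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge.hex(), "origin": page_origin},
        sort_keys=True,
    ).encode()
    auth_data, sig = authenticator.get_assertion(
        rp_id, cred_id, hashlib.sha256(client_data).digest()
    )
    return client_data, auth_data, sig


def rp_verify(secret, challenge, client_data, auth_data, sig):
    """Relying-party side of assertion verification (simplified)."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False
    if cd.get("challenge") != challenge.hex():          # replay protection
        return False
    if cd.get("origin") not in RP_ORIGINS:              # origin binding
        return False
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():  # RP ID binding
        return False
    expected = hmac.new(secret, auth_data + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def login_attempt(page_origin, rp_id):
    """Register at the genuine site, then try to log in from page_origin.
    Returns 'ok' or the reason the attempt failed."""
    auth = Authenticator()
    cred_id, secret = auth.make_credential(RP_ID)   # registration at example.com
    challenge = secrets.token_bytes(32)              # issued by the genuine RP
    try:
        client_data, auth_data, sig = browser_get(auth, page_origin, rp_id, cred_id, challenge)
    except (PermissionError, LookupError) as exc:
        return f"rejected by client: {exc}"
    return "ok" if rp_verify(secret, challenge, client_data, auth_data, sig) else "rejected by RP"


if __name__ == "__main__":
    print(login_attempt("https://example.com", "example.com"))        # genuine site
    print(login_attempt("https://examp1e.com", "example.com"))        # lookalike claims real rpId
    print(login_attempt("https://examp1e.com", "examp1e.com"))        # lookalike uses its own rpId
    print(login_attempt("https://login.example.com", "example.com"))  # origin not allow-listed
```

The four attempts show where the binding bites: the genuine origin succeeds; a lookalike page asking for the real RP ID is refused by the browser before the authenticator is ever touched; a lookalike using its own RP ID finds no credential, because the one registered is scoped to example.com; and an assertion from a legitimate-looking subdomain that the RP has not allow-listed is signed but still rejected server-side on the origin check. No amount of convincing page design changes any of these outcomes, which is the property the article is pointing at.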

Talk to RSA about how phishing prevention technologies like FIDO can protect your business, your employees, and your mission-critical assets.

Learn more about easy and passwordless authentication here.
