Strengthening Cyber Defenses in the Era of Complex Authentication: 4 Strategies for Success

Cisco Duo’s Wolfgang Goerlich authored this article.

How do I know who you are? That is a significant question with no easy answer, yet it is a fundamental aspect of many security discussions and decisions today. How does an organization identify its customers? What constitutes valid authentication for customer support or a bank when they contact us? The process of establishing trust with the person on the other side of the phone or screen carries inherent risks, although there are tools available to help us resolve these issues. Traditionally, credentials are linked to a password that only the individual should know. This, however, poses several problems.

Cisco Duo’s advisory CISO expands on how the complexity of digital identity and the challenges of authentication continue to evolve, and outlines tactical steps to increase defenses.

With regard to digital identity, there are multiple types of identities throughout an organization. These range from customer identities to worker, contractor, vendor, and third- or fourth-party identities in the supply chain. With each of these potentially providing access to something different, it is important to understand and centralize which ones are relevant at any given time, to curb the possibility of various identities falling into the wrong hands.

Similarly, identity markers associated with a single person can change over time. Because multiple markers are associated with different platforms and applications, accurately linking each identifier to the correct person is a complex task. Ghost accounts lingering within our environment pose a significant threat. Further complexity arises from identities extending to devices, machines, and programmatic processes, requiring a direct mapping of possession and subsequent privileges. The complexity of the digital identity environment is both vast and ever-growing.

Authentication mechanisms have also become increasingly complex. Passwords are known to be weak and are more easily targeted by various attacks. Multi-factor authentication (MFA) was once seen as a solution to the weaknesses of passwords. Yet it has since proved susceptible to more advanced attacks such as Adversary-in-the-Middle (AitM) and sophisticated social engineering.

To combat the complexity and sophistication of identity-based attacks, organizations must take a proactive and continuous approach to defense. This includes increasing visibility into the identity perimeter, implementing stronger forms of authentication controls, detecting and responding to suspicious activity, and continuously improving defenses.