Last year, a stunning 74% of cybersecurity attacks involved social engineering, human errors, or misuse. It’s easy to see why attackers have capitalized on the human factor in the current environment: As strong as network perimeters have become, remote access has created a new landscape that needs to be defended differently, so attackers have pivoted to focus on the easier route—people and the devices we use. Whether the target is a CEO or a temporary contractor, the new reality is clear: Identity must now be treated as a full-blown cybersecurity perimeter.
“Exploiting a vulnerability requires a deep expertise and sophisticated tooling. Instead, attackers focus on what’s easy—and that’s usually breaching the identity,” says Iva Blazina Vukelja, VP of Product Management, Cisco Duo. “Even using multi-factor authentication, which is more secure than traditional passwords, attackers can exploit you if you’re using weaker forms of MFA. And because there is less visibility around those attacks, they’re harder to detect.”
Not all authenticators are equal
Multi-factor authentication (MFA) can mitigate risk by introducing additional hurdles for potential attacks, but the rise of identity-based cyberattacks has shown that simply enabling an additional factor does not make an account impenetrable. Strong cybersecurity requires visibility into identity systems activity, identity risk detection, and automated risk and trust driven controls, so that even if a user is targeted, the chances of an attacker completing the compromise are significantly lower.
Identity and access management software like Cisco Duo meet market demands for both stricter security controls and ease of use, with state-of-the-art techniques to defend against sophisticated phishing, attacker-in-the-middle and push-bombing attacks that may compromise weaker forms of MFA. By providing greater visibility of the security perimeter, Vukelja says, it’s easier to recognize whether advanced MFA factors like passwordless authentication are covering all individuals and accounts—and if they haven’t, you can spring into action to secure those gaps before they’re compromised.
“You have to really understand what’s going on in that identity perimeter,” she explains. “You may roll out your MFA, but is everybody on it? It’s important to know if the controls you think you have rolled out have been adopted by all disparate workforce populations. And if not, think about mitigating controls.”
Why ITDR should be the top IT priority
Identity threat detection and response (ITDR) unlocks unprecedented visibility and observability across different identity systems. It also offers new calculations of risk signals based on identity data that were not previously possible to detect.
“Relying on weak forms of MFA, like SMS texts and push notifications, reminds me of a house with shabby locks,” Vukelja says. “It’s easier to break in and harder to tell who has entered. By comparison, identity threat detection and response allows comprehensive and correlated visibility into what is actually going on. It’s like adding a whole-house security system.”
Powered by advanced ITDR capabilities, identity and access management software like Cisco Duo can automatically detect and respond to advanced attacks such as session hijacking. Security teams are no longer limited to responding post-breach, and as risk signals are identified, they’re seamlessly integrated into your access security and management controls to make confident decisions in real time. This emerging innovation in identity security provides much-needed visibility into digital identities and automation of security responses based on risk analytics—all without adding unnecessary friction to the user experience.
“For the first time, the MFA can actually take a risk signal and automate a response without too much authenticating,” Vukelja says. “We can do that because Cisco Duo has this unprecedented observability that we use to automate breaking up trust and do that only when it’s needed. When we receive a risk signal, we can react quickly, protect the user, and provide security professionals visibility.”
The rise of privacy-first cybersecurity
One key difference in Cisco Duo’s strategy for comprehensive identity protection is a total commitment to user privacy. By using a patented method to ascertain trust without intrusive GPS tracking, for example, Cisco Duo can monitor the identity perimeter without knowing a user’s exact location.
Most contextual access controls rely on IP addresses and geo locations, making the location signal noisy and ineffective when using VPNs. Enter Duo’s patent-pending WiFi Fingerprint technology: It creates an anonymized fingerprint of the wi-fi networks available to a user’s device to detect a change in location at the time of authentication. This helps to improve accuracy and reduce false-positives while preserving user privacy. If location has changed, Duo can automatically step up authentication requirements.
As attackers develop new methods to compromise digital identities and access, comprehensive protection of the identity perimeter will only become more essential for enterprises. That’s why IT leaders should swap out their “shabby door keys” and prioritize ITDR for greater visibility and observability of risk signals. Effective identity and access management software confirms device trust, user trust, and context trust, while providing the ability to automate agile access controls in real time, reacting to emerging risks without jeopardizing user privacy.
The rapid maturation of cyberattacks highlights why identity security tools and strategies are crucial for both large and small enterprises. With identity now central to digital operations, organizations prioritizing strong yet frictionless identity and access management will benefit by staying ahead of threats and minimizing the possibility of future compromises.
Ultimately, the most important step is recognizing identity as the foundation of effective cybersecurity. “Even the best cybersecurity strategy,” Vukelja insists, “is only as strong as its weakest point.”