Many years ago, phishing was rife and Multi-Factor Authentication (MFA) came along as the answer to all our problems. Slowly, businesses started to deploy it until it became the new normal, and people felt protected. But times have changed; there are lots of new attacks doing the rounds and it is now easy, even trivial, for someone to phish an account and bypass conventional second factors. Essentially, MFA is no longer protecting you.
So along came new protocols such as U2F and finally WebAuthn. These use the power of asymmetric cryptography to secure sign-ins using hardware-based factors, such as YubiKey and Touch ID. Passkeys build on this even further, offering a portable solution without the need for expensive hardware. The problem is that they’ve not been ready for business adoption... until 2024, that is.
Antivirus is everywhere, but this old method of ‘check file against a database to see if it is malicious’ no longer cuts it. The hackers know how to evade these traditional ‘signature-based’ protections, which has led to a surge in malware, particularly infostealers. Unlike traditional antivirus measures, EDR solutions scrutinise the behaviour of a machine, identifying malicious activity based on what a program is trying to do rather than what it is.
Passwords are past it. It’s time to eradicate them from every corner of your environment where they still lurk by shifting your focus towards Zero Trust architecture.
There’s one thing that unites the biggest breaches of 2022, and one thing that can still cut through all your technical measures – social engineering. With the rise of AI and deepfakes, this is likely to become a bigger problem. Training doesn’t have to be arduous: ‘micro-training’ focuses on quick one-minute topics and can be continuously provided to your team, along with real-world phishing tests to help you keep on top of the latest social tactics and tools.
As more and more businesses whip their security into line, so must their supply chain. If your revenue comes from anything other than a direct consumer, then it’s likely Mr Due Diligence will come knocking on your door, clipboard in hand, asking, “Do you have Cyber Essentials? ISO 27001?” It pays to be on top of it now. That way, instead of being filtered out, you can have the competitive edge.
Hear me out, this one is not just personal bias! We security folks have been saying it for a while, and with all these changes, others have started to realise it. Security is no longer a cost centre; it is a business enabler.
If you want your business to succeed to the best of its ability, then you need robust information security. This can help you build trust with your clients, show your dedication to staying competitive, win proposals and, most importantly, help prevent deadly breaches.
For more information about securing your business in 2024, schedule a call and I'd be happy to chat.