Reports showed that there has been an increase in ransomware events in the past year. Verizon’s 2022 Data Breach Investigations Report saw an increase of 25% in overall attacks in 2021. Cyber security events are more debilitating for organizations today that operate on a highly interconnected capacity, resulting in broader attack surface, making cyber resiliency even more urgent.

The State of Cyber Security Today

In the last few years, organizations underwent a digital transformation that resulted in extremely interconnected apps, clouds, services, workloads, users, and devices operating in multi-cloud and hybrid environments. While this transformation contributed to convenience for end users, it has made organizations and enterprises more vulnerable to cyberattacks.

With the plethora of apps and databases and digital services that a singular enterprise employs today, cyber security leaders must oversee and control a wider breadth of vulnerable surface to avoid attacks. However, it is not just the attack surface that they need to oversee. They must also be aware of the beneath-the-surface relationships between applications. Due to their interconnectedness, a successful cyberattack on one asset could compromise others, if not the whole system. Enterprises must, then, find a way to minimize vulnerabilities such that the rest of the system can operate safely even after an asset has been compromised.

Attack Surface Management

A solution to the increased vulnerability due to wider attack surfaces is attack surface management. This new cyber security strategy involves mapping relationships within the business systems, automating the discovery of security coverage gaps, therefore allowing organizations to mitigate risk. With attack surface management, organizations can implement preventative policies and plans that protect the system as a whole and minimize tendencies to overlook some vulnerabilities.

Here are some steps enterprises can take to start implementing attack surface management:

Evaluate new vendors carefully, ensuring that they have secure third-party integrations and exposed interfaces.

Implement reporting standards. Take full advantage of CISO standards to map out new assets, vulnerabilities, tickets they addressed and attacks foiled, and the attack surfaces associated with critical business functions.

Emphasize the need for transparency in app creation, third-party access, and identity management.

Keeping Up With Ever-changing Tides

Protecting and managing your attack surface is crucial in today’s cyber security climate. Enterprises can protect their increasingly interconnected systems with passwordless authentication. Nok Nok Inc’s passwordless authentication systems integrates well with attack surface management strategies. This system enables users to sign in across platforms and apps securely without the need for passwords, which are so easy to steal. Our passwordless authentication protects entire cyber ecosystems from attacks. These are supplemented by multifactor authentication so that even if a password is compromised, other assets remain safe. Learn more about Nok Nok Inc’s products here.

Remote work is the present. Over 97% of workers prefer working remotely, and more employers are starting to embrace remote work. However, for cyber security leaders, remote work means more cyber security risks. Traditionally, IT professionals relied on VPNs to safely give employees access to company data and apps. However, VPNs are no longer suitable for the modern hybrid workplace. The key? Password free, zero-trust security.

Why VPNs Are No Longer Enough

Virtual private networks or VPNs were once the height of privacy and security over the Internet. The encrypted connection protects organizations’ networks while allowing employees to exchange information digitally through trusted computers. However, with the rise of remote work and the practice of “bring your own device” or BYOD, VPNs have become an easy target for hackers.

With employees bringing their own devices to work, IT administrators can no longer monitor how safe the devices are. So, when a compromised device or credential gets access to a VPN network, the entire network becomes compromised as well. Sometimes, it takes years for IT administrators to notice that their network has been compromised, meaning that their data (and that of their clients) are leaked continuously for years.

Apart from that, VPNs simply no longer fit the modern workplace set up. Keeping a VPN network has become costly and time-consuming, resulting in poor user experience. It is costly for IT administrators to check and ensure that each device can be trusted. For organizations with remote workers in different geographical areas, they will need to establish additional VPN servers in these employees’ locations.

A Modern Solution: Zero-Trust Approach

A zero-trust security model removes trust on all devices, and requires all users inside or outside the network to be authenticated, authorized, and validated before being granted any access to the organization’s data. This minimizes instances of misuse and compromised credentials.

This type of security framework turns a decentralized IT network into an advantage. By requiring continuous vetting for every attempt to access the network, zero-trust is able to limit the access of a hacker, and, therefore, the impact of a data breach. IT administrators will also be able to detect a breach right away and respond right away.

Password Free Approach To Security

The zero-trust approach is best implemented with password free authentication. KBA-based authentication tends to be burdensome to the users and easy targets to hackers. By replacing passwords with key-based authentication, organizations enjoy 99.5% sign-in success rates, 78% sign-in speed increases, and increased security overall across employee and customer logins.

Check out Nok Nok products to learn more about how password free authentication fits your organization.

After a slew of cyber security attacks since late 2021 on top US companies and federal agencies, the House Appropriations has made the critical decision to fund additional cyber security initiatives. Data breaches and theft are a serious problem that has plagued organizations and individuals alike, especially government institutions. This move is a potentially transformational step for the US that will enable them to advance private and public security technologies.

$15 Billion Allotment For Cyber Security

House Appropriations marked $15 billion for cyber security spending for the fiscal year 2023. These investments came as a response to President Biden’s executive order urging federal agencies to improve security standards. The executive order focuses on improving information sharing between government agencies and private sector companies and urging agencies to adopt a zero-trust policy that includes the FIDO Alliance specification, in addition to boosting preventative measures.

CISA or Cybersecurity and Infrastructure Security Agency, a civilian organization, received $2.9 billion, $417 million more than the amount requested by the Biden administration. This investment is bound to supplement key services that CISA provides to other federal agencies under the National Cybersecurity Protection System. Key services include continuous diagnostics and mitigation, endpoint detection, FIDO Webauthn and so on.

The House Appropriations has allotted $11.2 billion for the Defense Department, which comes with a request to study ways to collaborate more with CISA. Lawmakers asked the department to support CISA with responding to intrusions from Russia and China.

Other departments were also awarded funding aimed to help them improve their security capabilities, to support research and engineering, and even recruit and train future cyber security professionals (in the case of the National Science Foundation).

The different agencies awarded additional funding each have cyber security departments tasked with protecting them from security attacks. The additional funding allotted by the House Appropriations would empower these agencies. Strengthening the agencies’ cyber security capabilities would serve as the building blocks that would ultimately fortify the security of the nation.

Stronger Defenses For The Nation

As technology development continues to progress, cybercrime technology also evolves, making the need for modern cyber security to also evolve at a much faster rate. These risks and threats are becoming more and more complex, which is why Nok Nok Inc, along with the global FIDO Alliance, continues to push for safer cyber security measures to protect end-users. Our passwordless authentication through FIDO-based biometric authentication methods is a crucial step toward stronger security for organizations. Learn more about Nok Nok’s products here.

Apple has rolled out a new version of the iPhone’s operating system, the iOS 16. The latest version offers better innovations in design, customization, accessibility, and security with passwordless authentication.

Customizable Lock Screen

The iOS16 now allows for more customizable lock screens. Users can now set up a different wallpaper for their lock screen and home screen. They can also customize the font and widgets they want to see on their lock screen.

Improved Focus Feature

Apple has improved the Focus feature by allowing users to manually select the apps that they want to receive notifications from when the Focus function is active. Users can also customize who will get alerted.

Smarter Siri

Functions that were tricky to accomplish with Siri in previous versions were now improved for easier use of the voice assistant. Siri can now answer and end calls with simple voice functions. Texting with Siri has also improved as it can now automatically add punctuation so users don’t need to dictate them. Users can also add emojis by saying “emoji” and the description of the emoji.

Smoother Dictation

Switching between speaking and typing is smoother with the iOS 16. The keyboard stays open while you speak so you can use it anytime. Users can touch a text you want to replace and replace it with speech.

Additional Features To Live Text

Live Text now has added features that makes extracting information from multimedia more convenient. The new update enables the Live Text feature to recognize and copy text in images and videos. The new Visual Look Up feature allows users to lift a subject in an image and type it in any app. Apart from those, the update includes translation capabilities, a 15-minute undo, and currency conversions.

Writing Improvements

iPhone’s native keyboard was also upgraded with haptic typing for smoother and more efficient writing experience. Haptic keyboard feedback can be turned on or off separately. iOS 16 also features unending and editing in iMessages. The quick notes feature, which was first introduced in iPad OS 15, is now available in iOS 16 as well.

Passwordless Authentication Log In With Passkeys

Passkeys is a digital cryptographic authentication feature that stores the user’s passwords for various apps, websites, and services so they don’t need to remember so many passwords. Passkeys are local to a specific device, which are done in the background for iOS 16. Passwordless authentication protects users from cybercrime while remaining convenient for the users, which is why it’s no surprise that use of passkeys grew in 2020.

If you’re interested in passwordless authentication system, read here to learn more.

Digital-only banks, by providing banking services through digital platforms, offer convenience. However, the majority of consumers remain reluctant to shift to digital-only banks due to concerns on data security. In light of these concerns and the continuous cybercrime attacks on financial institutions, digital banks have a duty to strengthen their cybersecurity capabilities through passwordless authentication.

Data Security Woes

The US Consumer Affairs reports that cybercrime instances have doubled since the start of the COVID-19 pandemic. Since digital banking and e-commerce have become more commonplace in the past few years, data security issues have also increased for end-users. Cybercriminals have evidently begun to target end-users more often. Consumers are worried about password breaches, property theft, identity theft, and fraud, among others. Digital-only providers are, thus, at the forefront of the fight against cybercrime.

A survey by Pymnts.com revealed that the low-friction user experience offered by digital-only banks is enticing for consumers but the fear of cybercrimes is the number one deterrent. The distrust in digital-only banks is particularly strong among baby boomers and Gen Xers, but also exists among millennials. The good news, however, is that with such heightened awareness of the risks, consumers are more willing to forgo convenience for the sake of safety.

Fortifying Security With Passwordless Authentication

Cyber security has always been a primary concern for the finance sector. Financial regulators have established strict security standards for digital banking to ensure the safety of consumers. However, with ever-evolving methods and sophistication of cyber-criminals, cyber security capabilities must be strengthened continuously.

Strengthening cyber security capabilities for digital-only banks is no longer just about fortifying their organization’s internal data, but more importantly, focusing on protecting the end-users. Knowledge-based authentication have proven to be quite insecure, and less secure over time. Consumers often struggle with creating and remembering strong passwords, the ease with which hackers can decode passwords, in addition to techniques like phishing where users could unknowingly reveal their usernames and passwords, making this security and authentication method a thing of the past.

Passwordless authentication is a modern type of authentication that uses public-private encrypted keys combined with device biometrics to replace knowledge-based authentication. A global alliance known as FIDO supports a set of passwordless authentication standards that leverage public-private key pairs. While the public key is shared with a service, the private user key remains safe as it is protected by the user’s PIN or biometrics, such as a fingerprint or facial recognition.

Passwordless authentication is incredibly convenient for end-users but also among the safest and most secure methods for consumers or employees. If you’re interested in strengthening your organization’s cyber security capabilities, read more about Nok Nok’s industry-leading FIDO platform.

“Cloud computing” and “cloud-based applications” continue to provide many significant benefits to corporate-level digital activities. Transferring computational and even software needs online in “the cloud” offers companies many cost and operational benefits. Businesses that use cloud computing can achieve their computational needs online without needing to purchase hardware. Often, that cloud-based computational power exceeds what they could afford if they had to buy their own equipment.

At the same time, could-based storage and applications mean that executives and employees no longer have to retrieve data or work on only one machine at a home office. The data and software are always available online, provided staff has the right equipment and clearance to access it.

However, with these tangible work and cost benefits come new concerns such as security.

IT Experts Are Worried About Cyber Security

The ease of access to online data or applications also means that while staff can access their data or software anywhere, potentially from any online-enabled device, this also raises the possibility that criminals can too. Cloud-based storage and computing require extra cyber security considerations, but in a survey conducted across 1500 IT personnel by the Ponemon Institute, 60% of IT and security leaders lacked confidence in their organization’s ability to correctly handle the extra requirements of cyber security that cloud-based operations require. 59% of respondents cited account takeover or credential/ID theft as the top cyber security risk.

Many IT personnel are finding that traditional legacy security methods such as a single-password system are no longer sufficient to enforce modern security needs, especially now that multiple devices can access the same account. New protocols, such as Zero Trust Network Access, employ newer safeguards, such as multifactor authentication, that add extra, more secure levels of access and, in some cases, eliminate the need for passwords entirely, using biometrics, passkey systems, and other mechanisms that don’t require a user to memorize something to get access to an account or data.

A More Secure Future

As more operations shift to a cloud-based architecture, organizations must accompany this shift with an appropriate reinforcement of cyber security. New multifactor security concepts can do away with the vulnerability of a single-password system and eliminate the inconvenience of a long string of alphanumeric characters to try to offset that vulnerability. Groups like the Fast Identity Online Alliance or FIDO are helping to standardize this transition and make it easier and more interoperable for enterprises to get there. If you’re interested in using the FIDO protocol and moving to a passwordless authentication system, read here to learn more.

In the past, the traditional forms of digital security consisted of a single password for authentication. While convenient in that single passwords are easy to implement and verify, this system was also vulnerable and even inconvenient in other ways. Those vulnerabilities are becoming more apparent as companies move to cloud-based computing and applications, but fortunately, there is a solution like passwordless authentication.

The Password Problems

First, there is the issue with passwords themselves. The weakest security protocol right now is a single-password system because it means that stealing or guessing a password, complete access to data, or complete control of an account is a given. One workaround is to use “strong” passwords that are long, random strings of alphanumeric characters, making them hard for users to remember. So some, due to “password fatigue,” ignore this guidance for convenience. The other solution is to have many passwords to handle different aspects of a system, but due to the number and complexity of passwords, this often requires a passkey manager, which adds an extra layer of interference.

This has resulted in predictable ways to steal passwords. 80% of the data breaches that occur are usually the result of either “phishing,” which tricks users into volunteering passwords through fake emails, phone calls, or other forms of social engineering, or man-in-the-middle attack, which involves spying on a user and monitoring their access activities to steal passwords when they type them in.

The Passkey Arrives For Passwordless Authentication

The passkey concept is a comparatively new idea in digital security, but it brings a lot of promise for passwordless authentication. It is a feature being implemented by companies like Apple, Google, and Microsoft in collaboration with the FIDO alliance that creates strong, cryptographic keys generated for you for easy passwordless authentication. Users that find apps that accept passkeys can have passkeys created for every username or account. That passkey is automatically entered with just one touch, similar to the autofill or auto-correct functions for text entry.

The system even allows people to log in to other devices that don’t have a user’s account or passkey system present. All it takes is activating the passkey feature that then creates a QR code that a user’s phone scans so the passkey on the phone can verify and authenticate everything. It’s just one more way that security is working on more durable systems that can eliminate phishing and man-in-the-middle attacks while making passwordless authentication simple and easy for people to use. If you’re interested in using the FIDO protocol and moving to a password-free system, read here to learn more.

Through its own primary research, Nok Nok has been aware that limited business data exists about the state of today’s system-level authentication processes and its relation to the business impact of authentication failures. As the first initiative of its kind to address this gap, the Ponemon Institute, working with Nok Nok, launched an industry survey of businesses with current digital transformation projects underway.

The key finding of this Ponemon Study is that there exists a gap between IT security and line of business managers in understanding the various risks and impacts facing their organizations from authentication failures. 

Learn The Costs Of Authentication

This is one of the major takeaways from a study called “The Costs of Authentication Failure and Negligence,” conducted last summer by the Ponemon Institute for Nok Nok. According to this research where more than 1,000 corporate participants were interviewed,  it’s not just a customer inconvenience that arises from authentication failures. Organizations are spending on average $3M annually on these failures and the maximum single loss ranges from $39M to $42M. 

These losses include costs associated with downtime and business disruptions while security teams resolved various issues, loss of customers and the lingering effects of poor brand perception. On a corporate scale, the severity of system-level failures grows enormously. It’s one thing if one customer can’t remember a password, but quite another thing if many can’t. Similarly, one person with a seized account or data held for ransom is bad, but an entire organization is catastrophic. The most common reason for these breaches is authentication failures, such as clients taking their business elsewhere due to being unable to remember password guidance or simply being unwilling to comply and going to an organization that offers more convenient but less secure protocols.

This masterclass is hosted by Nok Nok and presented by various experts in the industry, including:

Larry Ponemon, Founder & Chair Ponemon Institute

Phil Dunkelberger, President & CEO, Nok Nok Labs

Jim Delli Santi, VP Marketing & Strategic Initiatives, Nok Nok Labs

Close to half of those surveyed agreed that authentication failures represent a significant security challenge for their companies, and preventing these failures is difficult because today’s MFA solutions negatively impact user experience. And sadly, more than 60% of the respondents detect more than ten monthly authentication failures, with an average downtime experienced by the respondents with these failures is about six hours a month. 

There are several reasons for authentication failures, according to the survey respondents. 

First, criminals using stolen credentials are hard to identify and distinguish from actual employees. Only 13% of the respondents said that it was either easy or not difficult to find the miscreants. About a third of the respondents say their companies have good visibility into credential theft attacks. The survey considered thefts of the user’s actual password rather than random guesses, using that account to make fraudulent purchases or other transactions, and steal confidential data. 

Second, only 19% feel that they have a high level of control over their authentication processes. Next, a total of 33% think that more than half of these failures remain undetected, and two-thirds claimed that the frequency (and 55% for the severity) of these failures has increased in the past year. 

Sign up for the masterclass to gain even more valuable insights about the costs of authentication failures. If you’re interested in learning about the FIDO protocol and moving to a password-free system, read here to learn more.

Apple, the ever-popular alternative to PC-based systems, has announced a slew of new features for its latest operating system update, macOS Ventura. The newest upgrade expands the convenience and functionality of Mac computers for users and introduces many more ways to secure data and devices with passwordless authentication.

Multi-Task Management

For users that need to hop back and forth between different windows on different applications and software, “Stage Manager” is one of the tweaks that can help users to stay focused and on track. Now the primary software being used is displayed as a centralized window, but others that are also “in play” at the moment appear as secondary windows on the side for easier access.

Mail has also been overhauled, with a big upgrade to organization and search features. Email contacts, mail itself, or even specific attached documents or photos can be easily retrieved now. Users can even set reminders to reply to or revisit certain emails within a specified period.

Device Interconnectivity

The new OS is also specifically designed to recognize the presence of an iPhone, even wirelessly. “Camera Continuity” is a new feature that allows macOS Ventura to use an iPhone as a web camera and can connect wirelessly to these devices for use. Users can mount their iPhones on their computer or continue to go handheld as they prefer, with smart features that can dim light or accentuate facial features.

Cybersecurity With Passwordless Authentication

Perhaps most importantly, macOS Ventura has new security features that make device usage safer than ever. Safari browser users can now enjoy a passwordless authentication feature called “passkeys.” Passkeys are digital keys that remain local to a specific device. These passkeys can only be unlocked through different passwordless authentication features based on user availability or preference.

Apple already has different forms of passwordless authentication for users to employ based on biometrics. So whether it is Touch ID or Face ID, users don’t have to worry about memorizing a long, difficult string of random alphanumerics. iCloud Keychain allows this same security to sync across devices like a Mac, iPhone, iPad, or Apple TV, with end-to-end encryption. This security even extends to other non-Apple websites, apps, or even non-Apple devices using an iPhone. 

These steps bring Apple users one step closer to an even safer digital experience that strongly repels attempts at identity theft without requiring inconvenient steps or measures to be taken. If you’re interested in using the FIDO protocol and moving to a passwordless authentication system, read here to learn more.

Biometrics is a form of password-free authentication that, instead of relying on typing out a memorized word or phrase, uses unique personal characteristics to confirm identities, such as the face, the voice, or even a fingerprint such as a thumb. Biometrics have slowly integrated into financial transactions, and a new study indicates that this trend is set to grow explosively.

Biometric Banking

According to Juniper Research, financial transactions through biometric authentications are set to exceed one trillion dollars by 2027. When it comes to remote payments, especially through mobile devices, PIN numbers and passwords are still dominant; with biometrics slowly integrating into mobile devices like smartphones and tablets, the current transaction amount is estimated to be approximately $332 billion.

This means that if the Juniper Research estimates are correct, remote payments through the use of biometrics are expected to rise by about 365% within the next five years.

Growth By Necessity

There are several reasons that this growth in biometrics is occurring. The chief driver is convenience. Biometrics is fast and easy. It doesn’t require a person to memorize a long string of random alphanumeric characters just to have a “strong” password. That ease is being capitalized on by large technology companies, such as Apple, that incorporate biometrics into financial software such as Apple Pay, making it an easily accessible, easy-to-use payment alternative for Apple users.

The other factor is government intervention. The European Union, for example, has a “Second Payment Services Directive” (PSD2) that is putting a renewed emphasis on cybersecurity. Strong Customer Authentication, or SCA, is a part of this directive, and that also means multi-factor authentication that doesn’t rely solely on a password for access. Biometrics is an important component in meeting these standards.

Another factor contributing to the wider implementation of biometrics is FIDO, or the Fast Identity Online alliance. Formed in 2013, this alliance of industry experts is committed to reducing the reliance on passwords and promoting a standardized protocol.

FIDO recently got a shot in the arm with an official announcement from major tech companies Microsoft, Apple, and Google, all announcing broad support for FIDO standards, with an intention to make them more widespread in technology. That initiative is going into deployment as quickly as next year and will continue to become more widespread.

Biometrics is a fast, secure, and more convenient way to authenticate without using passwords. If you’re interested in using the FIDO protocol and moving to a passwordless authentication system, read here to learn more.