CISA: #MoreThanAPassword.pptx
•Download as PPTX, PDF•
0 likes•474 views
The document discusses the need for SMBs to adopt phishing-resistant FIDO authentication instead of legacy multi-factor authentication methods. It notes that while major companies have implemented MFA, most organizations are small and face unfair security challenges. Legacy MFA methods are all phishable, whereas FIDO is built into browsers and phones and supported by major service providers. The document recommends SMBs pilot FIDO authentication on personal and work accounts to start migrating away from phishable legacy MFA and gain security advantages.
Recommended
Recommended
More Related Content
Similar to CISA: #MoreThanAPassword.pptx
Similar to CISA: #MoreThanAPassword.pptx (20)
More from FIDO Alliance
More from FIDO Alliance (20)
Recently uploaded
Recently uploaded (20)
CISA: #MoreThanAPassword.pptx
- 1. Bob Lord June 7, 2022 C I S A | C Y B E R S E C U R I T Y A N D I N F R A S T R U C T U R E S E C U R I T Y A G E N C Y “#MoreThanAPassword: The case for FIDO in SMBs 1
- 2. 2
- 3. Bob Lord June 7, 2022 “Everyone knows all about the value proposition for MFA!” 3 I don’t think you do!
- 4. Bob Lord June 7, 2022 The current state of MFA 4 Microsoft Twitter
- 5. Bob Lord June 7, 2022 Some progress 5
- 6. Bob Lord June 7, 2022 More progress 6
- 7. Bob Lord June 7, 2022 But most orgs are small 7
- 8. Bob Lord June 7, 2022 And they are all connected 8 Page 7, VZDBIR May, 2022: “2021 illustrated how one key supply chain breach can lead to wide ranging consequences. Supply chain was responsible for 62% of System Intrusion incidents this year. Unlike a Financially motivated actor, Nation-state threat actors may skip the breach and keep the access.”
- 9. Bob Lord June 7, 2022 SMBs and FIDO 9 SMBs are target rich environments The attacks will only get better MFA is a must! #MoreThanAPassword But think several chess moves ahead. Play out the scenario where >50% use phishable, Legacy MFA. We mandated FIDO for key systems at the DNC in 2019. (You can too!)
- 10. Bob Lord June 7, 2022 MFA bypass not theoretical: ITW! 10
- 11. Bob Lord June 7, 2022 Why FIDO for SMBs? 11 • If you are an SMB: unfair game -> undervalued tool • Legacy MFA: they are all phishable! • Phishing resistant MFA: FIDO • Only widely available form of phishing resistant MFA. • Built into the browsers and phones you already deployed • The major service providers already support it. No Chicken/Egg problems!
- 12. Bob Lord June 7, 2022 Homework 12 If you deployed MFA: Start your migration to FIDO Little/no MFA yet: Leapfrog everyone else and move to FIDO. Pilot FIDO authentication on your personal accounts: GMail, Outlook.com, Twitter, Facebook, Dropbox, etc. Pilot FIDO authentication on your work systems. Start with the Security or IT teams. Add in a few other friendly people from other teams. Iterate.
- 13. Bob Lord June 7, 2022 13 For more information: https://www.cisa.gov/shields-up Questions? @boblord
- 14. Bob Lord June 7, 2022
Editor's Notes
- This movie is all about SMBs and FIDO, believe it or not!
- https://transparency.twitter.com/en/reports/account-security.html#2021-jan-jun https://www.microsoft.com/en-us/security/business/microsoft-digital-defense-report
- https://help.salesforce.com/s/articleView?id=000362737&type=1 https://www.theverge.com/2022/5/4/23056799/github-contributors-2fa-two-factor-authentication-2023
- https://www.cnn.com/2020/10/14/tech/twitter-hack-tech-support-scam/index.html https://www.dfs.ny.gov/Twitter_Report
- Focus on which systems you *can* deploy FIDO to, not the many *possible* roadblocks.