It takes more than MFA to beat human hacking

2021-07-13 06:00

In part, MFA was intended to thwart a range of compromises that include phishing, spear phishing, credential stealing, and man-in-the-middle attacks.

Protecting remote workers from sophisticated phishing attacks requires a toolbox that extends beyond MFA and covers several attack vectors.

To respond, organizations must move their focus from trying to protect against software and hardware exploits to protections against human hacking attacks happening in every communication medium.

Attackers are successfully luring people into installing malicious browser extensions that hijack already authenticated sessions and stealing credentials at an increasingly concerning rate, so more must be done to shore up an organization's defenses.

No organization can be assured that employees will stop clicking on phishing links or falling prey to exploits that bypass MFA. By combining natural language processing, computer vision, and behavioral analysis, a company can detect and block threats hours and even days before more traditional solutions catch up.

Constant vigilance leveraging zero trust combined with automated, AI, and ML-driven technology is the new weapon against attacks that exploit the human element.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/cURHW8Of9nU/

#hacking #MFA