
FIDO: The word that could defeat phishing attacks once and for all

20 Feb 2020

Phishing attacks are a longstanding cornerstone of cyber attack methods. Even after years of attacks and defenses, there are plenty more phish in the sea - and people are still getting hooked.

Phishing has gone far beyond dodgy-looking emails that ask people for their login details to a bank they don't even bank with – now phishing emails and tactics are so convincing that even seasoned tech addicts are being fooled.

Unfortunately, phishing attacks could be here to stay. According to a recent survey from RSA and the SANS Institute, 42% of organisations have suffered a loss event or realised risk as a result of a careless employee, external threat actor, or a negligent third party.

Phishing is a socially motivated attack method that preys on people’s inattention and fear. Attackers know that sometimes they don’t need to attack the technology – they just need to attack people instead.

If an employee working in finance sees a ‘request’ from their manager for a fund transfer, it could be another normal day in the office for them. Except it only takes one phishing email and one fake request for a company to lose money, sensitive data, and much more.

It is a difficult situation for organisations to mitigate. Sure, there are prevention, detection and monitoring systems, two-factor authentication and an endless process of education. RSA says it’s a classic arms race, where the attackers collaborate and produce easy-to-use attack tools that make their job much easier and defenders’ jobs much, much harder.

Until recently. The security industry is starting to collaborate. The FIDO Alliance is one collaborative effort backed by some of the world’s biggest security firms, including RSA.

FIDO is an acronym you may have seen or heard in conversations about security. FIDO stands for Fast Identity Online, an authentication method that uses open standards across hardware and software to prevent attacks.

FIDO and FIDO2 may come in the form of a hardware key or be embedded in a mobile device or app, and they work seamlessly over modern web browsers.

FIDO promotes the use of this hardware and software to stop man-in-the-middle attacks that trick users into visiting a nefarious website (one that happens to look like a copy of a genuine website). Even if an employee clicks on a link (and let’s face it – they probably will), with FIDO-instrumented authentication technology this attack will utterly fail.
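
Why the look-alike site fails, shown as an added example (not code from RSA or the FIDO Alliance): in WebAuthn, the browser API used by FIDO2, the browser writes the origin it actually loaded into the signed client data and the authenticator data carries a hash of the relying-party ID, so the server can reject a response produced on a copy of its site. The domain names, function names and sample values below are constructed, and signature verification is left out.

```python
import base64
import hashlib
import hmac
import json

EXPECTED_ORIGIN = "https://login.example.com"  # assumed relying-party origin
EXPECTED_RP_ID = "login.example.com"           # assumed relying-party ID


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_binding(client_data_json, authenticator_data, issued_challenge):
    """Return the reasons to reject; an empty list means the binding checks pass.
    Verifying the signature over these bytes is a separate step, omitted here."""
    problems = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        problems.append("wrong ceremony type")
    got = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(issued_challenge).encode()):
        problems.append("challenge mismatch")
    if client.get("origin") != EXPECTED_ORIGIN:  # origin is written by the browser, not the page
        problems.append("origin mismatch")
    if len(authenticator_data) < 37:  # 32-byte rpIdHash + flags + 4-byte counter
        return problems + ["authenticator data too short"]
    rp_hash = hashlib.sha256(EXPECTED_RP_ID.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], rp_hash):
        problems.append("rpIdHash mismatch")
    if not authenticator_data[32] & 0x01:  # bit 0 = user present
        problems.append("user presence flag not set")
    return problems


def sample_assertion(origin, rp_id, challenge):
    """Constructed stand-in for what a browser and authenticator would return."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return client, auth


CHALLENGE = bytes(range(32))  # constructed; a server issues a fresh random value
GENUINE = sample_assertion(EXPECTED_ORIGIN, EXPECTED_RP_ID, CHALLENGE)
LOOKALIKE = sample_assertion("https://login.examp1e.com", "login.examp1e.com", CHALLENGE)

if __name__ == "__main__":
    print("genuine:  ", check_assertion_binding(*GENUINE, CHALLENGE))
    print("lookalike:", check_assertion_binding(*LOOKALIKE, CHALLENGE))
```

A password typed into the copy would be reusable on the genuine site; the response produced there is not, because it names the wrong origin and relying party.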

Talk to RSA about how phishing prevention technologies like FIDO can protect your business, your employees, and your mission-critical assets.
