itb-nz logo
Story image

FIDO: The word that could defeat phishing attacks once and for all

20 Feb 2020

Phishing attacks are a longstanding cornerstone of cyber attack methods. Even after years of attacks and defenses, there are plenty more phish in the sea - and people are still getting hooked.

Phishing has gone far beyond dodgy looking emails that ask people for their login details to a bank they never even bank with – now phishing emails and tactics are so convincing that even seasoned tech addicts are being fooled.

Unfortunately, phishing attacks could be here to stay. According to a recent survey from RSA and the SANS Institute, 42% of organisations have suffered a loss event or realised risk as a result of a careless employee, external threat actor, or a negligent third party.

Phishing is a socially motivated attack method that preys on people’s inattention and fear. Attackers know that sometimes they don’t need to attack the technology – they just need to attack people instead.

If an employee working in finance sees a ‘request’ from their manager for a fund transfer, it could be another normal day in the office for them. Except it only takes one phishing email and one fake request for a company to lose money, sensitive data, and much more.

It is a difficult situation for organisations to mitigate. Sure, there are prevention, detection and monitoring systems, two-factor authentication and an endless process of education. RSA says it’s a classic arms race, where the attackers collaborate, produce easy-to-use attack tools that make their job much easier and defenders’ jobs much, much harder.

Until recently. The security industry is starting to collaborate. The FIDO Alliance is one collaborative effort backed by some of the world’s biggest security firms, including RSA.

FIDO is acronym you may have seen or heard in conversations about security. FIDO stands for Fast Identity Online, an authentication method that uses open standards across hardware and software to prevent attacks.

FIDO and FIDO2 may come in the form of a hardware key, it could be embedded in a mobile device or App and works seamlessly over modern web browsers.

FIDO promotes the use of this hardware and software to prevent the possibility of man-in-the-middle attacks from tricking any user into clicking their nefarious website (that happens to look like a copy of a genuine website). Even if an employee clicks on a link (and let’s face it – they probably will), with the FIDO-instrumented authentication technology this attack will utterly fail.

Talk to RSA about how phishing prevention technologies like FIDO can protect your business, your employees, and your mission-critical assets.

Learn more about easy and passwordless authentication here.

Story image
The 5 biggest decisions for business leaders in 2021, according to Gartner
Focusing on the role of HR leaders within the organisation, Gartner has highlighted five future of work decisions that must be made in 2021 if businesses want to rebound from the COVID-19 pandemic.More
Story image
UPDATED: RBNZ ascribes data breach to third-party file sharing service
“The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information,” says RBNZ Governor.More
Story image
Former VMware COO jumps ship to Nutanix as new CEO; VMware begins litigation
Former VMware COO Rajiv Ramaswami has been caught up in litigation from his former employer, which alleges that he breached contractual obligations after jumping ship to Nutanix as its new CEO.More
Story image
LogRhythm buys out MistNet to bolster analytics capabilities
LogRhythm says its aim is to bring stronger levels of machine learning-based detection and response.More
Story image
Three keys to keep remote workforce operational: VPNs, SaaS apps, and internet health
In many ways, the COVID-19 pandemic has ushered in what is effectively the largest work-from-home experiment ever conducted in human history. For many organisations, this has brought forward plans they had for digital transformation.More
Story image
SES Networks and Southern Cross Cables bring better internet to the Pacific
“This cooperation with Southern Cross is of utmost importance because it truly shows the complementary nature of satellite and undersea cable networks."More