Cisco DNA Center Bug Opens Enterprises to Remote Attack – Threatpost
Cisco DNA Center Bug Opens Enterprises to Remote Attack Threatpost
Tag Archive for: Enterprises
Microsoft exhorts enterprises to quit text, voice multi-factor authentication passcodes
A Microsoft executive is urging enterprises to abandon the most popular multi-factor authentication (MFA) method — one-time passcodes sent to mobile devices via text or voice — for different approaches, including app authenticators, that he claims are more secure.
“It’s time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms,” asserted Alex Weinert, director of identity security, in a Nov. 10 post to a Microsoft blog. “These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they’re the least secure of the MFA methods available today.”
Weinert argued that other MFA methods are more secure, calling out Microsoft Authenticator, his company’s app-based authenticator, and Windows Hello, the umbrella label for Microsoft’s biometrics technology, including facial recognition and fingerprint verification. It’s no coincidence that Weinert touted technologies Microsoft has aggressively pushed in its campaign to convince enterprises to go passwordless.
More than a year ago, Weinert spelled out how, in his view, passwords alone are no defense against credential theft, but that by enabling MFA, “your account is more than 99.9% less likely to be compromised.” That advice hasn’t changed, but Microsoft’s stance on MFA has now narrowed. “MFA is essential — we are discussing which MFA method to use, not whether to use MFA,” he wrote last week.
Weinert ticked off a list of security flaws in SMS- and voice-based MFA, the technique that typically sends a six-digit code to a predetermined, verified phone number. Those defects, Weinert said, ranged from a lack of encryption — texts are sent in the clear — to vulnerability to social engineering.
App-based authentication, Weinert contended, is a much more secure means to the WFA ends. He then touted Microsoft Authenticator, which comes in versions for Google’s Android and Apple’s iOS.
Authenticator boasts encrypted communication, supports facial and fingerprint recognition — letting users authenticate using those technologies when, say, their company-supplied laptops do not. Authenticator also supports one-time passcodes, duplicating the mechanism…
Cybersecurity for small-and-medium enterprises in Asia Pacific
By Ricky Kapur, Vice President of Sales, Marketing and Operations, Microsoft Asia Pacific.
The past few months have brought unprecedented change to people and organizations around the world. Retail moved almost exclusively to e-commerce platforms and businesses had to rapidly pivot their operations online and in the cloud. As our CEO Satya Nadella puts it, in 2020, we’ve seen two years’ worth of digital transformation in two months – a truly phenomenal pace.
The immediacy and scale at which we had to adapt brought new security challenges. Our recently launched Digital Defense Report revealed that attackers have taken advantage of these challenging times to capitalize on opportunities every day, with every country in the world having at least one COVID-19-themed attack. Attackers have also exploited gaps in traditional security policies, which didn’t cater to an all remote workforce – we’ve seen entire networks ransomed in under 45 minutes, and an increased number of distributed denial of service (DDoS) attacks.
SMEs NEED A SECURE, REMOTE WORKFORCE
As digital transformation continues apace across all sectors, every business regardless of size is at risk of a cyberattack. This Cybersecurity Awareness Month, we must build safeguards and be prepared to combat lurking cyber threats.
And small-and-medium enterprises (SMEs) are often more vulnerable.
Many small businesses don’t think about cybersecurity until after a security breach. Not having cybersecurity can cost your business money, time, and result in lost sensitive information. Based on industry conversations, we learn that a large percentage do not know how to protect their companies, lack dedicated IT staff and have inadequate computer and network security.
Failing to invest in cybersecurity actually costs more in the aftermath of a cyberattack, in terms of money, time and loss of sensitive information. In the past year, SMEs were the target of 43% of cyberattacks, and on average, the cost of each attack was $184,000, with a report suggesting that 60% of small businesses fold within six months of a cyberattack.
These statistics are concerning for the Asia Pacific region, where SMEs comprise more than
Microsoft Defender ATP app arrives on Android with enterprises in mind – Windows Central
Microsoft Defender ATP app arrives on Android with enterprises in mind Windows Central
“android security news” – read more