Yusuf Khan, profile picture
Uploaded byYusuf Khan
PPTX, PDF123 views

Secure authentication in the age of remote working - MFA

The document discusses the challenges and risks of secure authentication in remote working, highlighting the increase in phishing attacks and weak security protocols. It emphasizes the importance of multi-factor authentication (MFA) and single sign-on (SSO) solutions to mitigate security breaches, which are primarily caused by poor password practices. The document also outlines steps for implementing MFA and the need for awareness around potential vulnerabilities.

Embed presentation

Download to read offline
Secure Authentication in the Age of Remote Working – An Awareness Yusuf Khan – Digital Identity Architect Jul 2020
No longer privilege ..but a forced alternative for business continuity
Increased risks with this sudden shift Phishing – Email Scams /SMS Scams Business continuity vs security Weak security practices/controls Attacks on remote working infra Malicious insider Home Wi-fi security – E.g. Weaker protocols WEP instead of WPA-2
According to Barracuda Networks. by over 600% since the end of February
Recent Attacks During Covid DocuSign scam - June 2020 WordPress Admin – July 2020 Fine fear UK Gov scam – Apr 2020Tesco Voucher scam – May 2020 Microsoft Office 365 spear phishing – May 2020 *Full details of above attacks : https://www.itgovernance.co.uk/blog/category/catches-of-the-month
BYOD Organization devices Organization Managed devices Secured over VPN How some organizations managing/securing remote working conditions? IT systems secured with organization issued credentials and IT security IT systems secured with organization issued credentials and IT security Level : Zero Level : Low Level : Medium NoMFA+SSOSolutioninplaceinall
In Verizon’s “2019 Data Breach Investigation Report” (DBIR), data showed that passwords caused 81% of data breaches over the past few years. Based on an article by TechRepublic, larger companies that are using SSO and MFA, the average employee needs to maintain around 25 passwords. Without MFA and SSO, employees may have to deal with as many as 85 different passwords. Verizon report on breaches without MFA and SSO
Tie them together SSO Solution (And its not new) - Provide credentials once - SSO between on premise and cloud solution - SSO to web and enterprise applications plus VDI and SaaS applications. MFA Solution (And its also not new) - Additional factor to verify identity - SMS TOTP, Authenticators, FIDO2 - Biometric verification Next step : Intelligence Adaptive MFA, Behavioral Analysis So what is MFA and SSO solution?
How to Enable MFA? • Identify systems/components • Raise awareness and communicate • Execution plan and engage IT and information security. • Identify target user phased rollout • Support enrollment and usage of MFA initial phases • Monitor and test feedback/results - KPIs • Depending on above results go for Gradual/Full rollout
Is MFA Vulnerable? • Social Engineering • Bad design and/or implementation AWARENESS IS THE KEY Answer is Yes. But risks are still less . Here are some major failure reasons
Thank You Write to me for any queries : Email : ykhan.mca@gmail.com

More Related Content

PDF
The Seven Kinds of Security
byVeracode
 
DOCX
What you need to know about cyber security
byCarol Meng-Shih Wang
 
PPTX
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
byCristian Garcia G.
 
PDF
The only way to survive is to automate your SOC
byRoberto Sponchioni
 
PDF
How Can I Reduce The Risk Of A Cyber-Attack?
byOsei Fortune
 
PDF
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
byUnited Security Providers AG
 
PPTX
Strategies to Combat New, Innovative Cyber Threats - 2017
byPaladionNetworks01
 
PDF
Enemy from Within: Managing and Controlling Access
byBeyondTrust
 
The Seven Kinds of Security
byVeracode
 
What you need to know about cyber security
byCarol Meng-Shih Wang
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
byCristian Garcia G.
 
The only way to survive is to automate your SOC
byRoberto Sponchioni
 
How Can I Reduce The Risk Of A Cyber-Attack?
byOsei Fortune
 
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
byUnited Security Providers AG
 
Strategies to Combat New, Innovative Cyber Threats - 2017
byPaladionNetworks01
 
Enemy from Within: Managing and Controlling Access
byBeyondTrust
 

What's hot

PPTX
2019 Cyber Security Trends
byInternetwork Engineering (IE)
 
PPT
Paul Henry’s 2011 Malware Trends
byLumension
 
PPTX
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
byCristian Garcia G.
 
PDF
Fintech Cyber Security Survey Hong Knog 2018
byEntersoft Security
 
PPT
Information security and Attacks
bySachin Darekar
 
PPTX
How Does a Data Breach Happen?
byClaranet UK
 
PPTX
Gaining A Foothold
byClaranet UK
 
PDF
ForeScout IoT Enterprise Risk Report
byForescout Technologies Inc
 
PPTX
What is Account Takeover - An Introduction to Web Fraud
byNuData Security
 
PDF
Cyber Risk Management in the New Digitalisation Age - eSentinel™
byNetpluz Asia Pte Ltd
 
PPT
Guard Era Security Overview Preso (Draft)
byGuardEra Access Solutions, Inc.
 
PDF
Application security testing an integrated approach
byIdexcel Technologies
 
PDF
IS Decisions Company Overview. Solutions to secure your Windows Network.
byIS Decisions
 
PPTX
The Internet of things paradox
byGolden Locksmith
 
PDF
Security Implications of the Cloud
byAlert Logic
 
PDF
Selling Your Organization on Application Security
byVeracode
 
PDF
BAI Security - Brochure - Compromise Assessment
byPrahlad Reddy
 
PPTX
Survey: Insider Threats and Cyber Security
byImperva
 
PPTX
SC Magazine & ForeScout Survey Results
byForeScout Technologies
 
PDF
VAPT Infomagnum
byARUN REDDY M
 
2019 Cyber Security Trends
byInternetwork Engineering (IE)
 
Paul Henry’s 2011 Malware Trends
byLumension
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
byCristian Garcia G.
 
Fintech Cyber Security Survey Hong Knog 2018
byEntersoft Security
 
Information security and Attacks
bySachin Darekar
 
How Does a Data Breach Happen?
byClaranet UK
 
Gaining A Foothold
byClaranet UK
 
ForeScout IoT Enterprise Risk Report
byForescout Technologies Inc
 
What is Account Takeover - An Introduction to Web Fraud
byNuData Security
 
Cyber Risk Management in the New Digitalisation Age - eSentinel™
byNetpluz Asia Pte Ltd
 
Guard Era Security Overview Preso (Draft)
byGuardEra Access Solutions, Inc.
 
Application security testing an integrated approach
byIdexcel Technologies
 
IS Decisions Company Overview. Solutions to secure your Windows Network.
byIS Decisions
 
The Internet of things paradox
byGolden Locksmith
 
Security Implications of the Cloud
byAlert Logic
 
Selling Your Organization on Application Security
byVeracode
 
BAI Security - Brochure - Compromise Assessment
byPrahlad Reddy
 
Survey: Insider Threats and Cyber Security
byImperva
 
SC Magazine & ForeScout Survey Results
byForeScout Technologies
 
VAPT Infomagnum
byARUN REDDY M
 

Similar to Secure authentication in the age of remote working - MFA

PPTX
FIDO Alliance - Simpler Stronger Authentication.pptx
byLoriGlavin3
 
PDF
The Importance of Multi-Factor Authentication_ Protecting What Matters Most.pdf
byCyberPro Magazine
 
PPTX
ciso-workshop-3-identity-protection.pptx
byelyas44
 
PDF
Eliminate Password Fatigue with Smart Authentication Solutions.pdf
byensuritytech1
 
PDF
information security Lecture by cyber security
byfaiziikanwal47
 
PDF
Multi Factor Authentication Whitepaper Arx - Intellect Design
byRajat Jain
 
PPTX
Presentation- SecurID presentation for the Channel (1).pptx
byssuserba2d14
 
PDF
Strong Authentication in Cyberspace 8 key principles for policymakers
byMark Gibson
 
PPTX
User Authentication for Government
byCarahsoft
 
PDF
Web Security Considerations for Enhanced Protection (1).pptx.pdf
byRosy G
 
PPTX
CISA - More Than A Password.pptx
byFIDO Alliance
 
PPTX
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
bySecureAuth
 
PPTX
2022 State of Workforce Strong Authentication
bySecret Double Octopus
 
PPTX
A CISO View on the State of Passwordless MFA
bySecret Double Octopus
 
PDF
Taking Control of the Digital and Mobile User Authentication Challenge
byEMC
 
PDF
Azure saturday 2017 - Protecting cloud identities using ems
byRonni Pedersen
 
PDF
The Why - Keith Graham, CTO – SecureAuth+Core Security
byCore Security
 
PDF
Strong Authentication: Securing Identities and Enabling Business
bySafeNet
 
PDF
SCUGBE_Lowlands_Unite_2017_Protecting cloud identities
byKenny Buntinx
 
PPTX
CISA: #MoreThanAPassword.pptx
byFIDO Alliance
 
FIDO Alliance - Simpler Stronger Authentication.pptx
byLoriGlavin3
 
The Importance of Multi-Factor Authentication_ Protecting What Matters Most.pdf
byCyberPro Magazine
 
ciso-workshop-3-identity-protection.pptx
byelyas44
 
Eliminate Password Fatigue with Smart Authentication Solutions.pdf
byensuritytech1
 
information security Lecture by cyber security
byfaiziikanwal47
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
byRajat Jain
 
Presentation- SecurID presentation for the Channel (1).pptx
byssuserba2d14
 
Strong Authentication in Cyberspace 8 key principles for policymakers
byMark Gibson
 
User Authentication for Government
byCarahsoft
 
Web Security Considerations for Enhanced Protection (1).pptx.pdf
byRosy G
 
CISA - More Than A Password.pptx
byFIDO Alliance
 
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
bySecureAuth
 
2022 State of Workforce Strong Authentication
bySecret Double Octopus
 
A CISO View on the State of Passwordless MFA
bySecret Double Octopus
 
Taking Control of the Digital and Mobile User Authentication Challenge
byEMC
 
Azure saturday 2017 - Protecting cloud identities using ems
byRonni Pedersen
 
The Why - Keith Graham, CTO – SecureAuth+Core Security
byCore Security
 
Strong Authentication: Securing Identities and Enabling Business
bySafeNet
 
SCUGBE_Lowlands_Unite_2017_Protecting cloud identities
byKenny Buntinx
 
CISA: #MoreThanAPassword.pptx
byFIDO Alliance
 

Recently uploaded

PDF
IDSECCONF2025 - Budi Rahardjo - Cyber Security and AI.pdf
byidsecconf
 
PDF
IDSECCONF2025 - Nosa Shandy - Discovering and Disclosing Privacy Vulnerabilit...
byidsecconf
 
PDF
How to Spot a Fraudulent Shopping Website
byAshwini Singh
 
PDF
IDSECCONF2025 - Rama Tri Nanda - Hunting Stingray GSM on Budget.pdf
byidsecconf
 
PPTX
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
PDF
Webinar: Introduction to LF Energy SEAPATH
byDanBrown980551
 
PDF
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
bywesley chun
 
PDF
Building Powerful Web Apps to Improve Productivity and Engagement - Esri UK W...
byEsri UK
 
PDF
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PDF
Infuse Intelligence Into your App with Foundry Local
byNilesh Gule
 
PDF
Mutation Testing for Industrial Robotic Systems (FMAS 2025)
bySylvain Hallé
 
PDF
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
PPTX
Redcentric Data Centres: vision, mission and values
byRedcentric
 
PPTX
Standardising and simplifying systems and data management - Esri UK Welsh Con...
byEsri UK
 
PPTX
Opening Plenary - Esri UK Welsh Conference 2025
byEsri UK
 
PDF
SELinux Policy Management in RHEL - RHCSA+.pdf
byLinuxCert Guru
 
PPTX
Closing Plenary - Esri UK Welsh Conference 2025
byEsri UK
 
PDF
Mastering Handlers, Conditions, and Loops in Ansible Playbooks - RHCE.pdf
byLinuxCert Guru
 
PPTX
Conserving precious peatland habitats using mobile apps - Esri UK Welsh Confe...
byEsri UK
 
IDSECCONF2025 - Budi Rahardjo - Cyber Security and AI.pdf
byidsecconf
 
IDSECCONF2025 - Nosa Shandy - Discovering and Disclosing Privacy Vulnerabilit...
byidsecconf
 
How to Spot a Fraudulent Shopping Website
byAshwini Singh
 
IDSECCONF2025 - Rama Tri Nanda - Hunting Stingray GSM on Budget.pdf
byidsecconf
 
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
Webinar: Introduction to LF Energy SEAPATH
byDanBrown980551
 
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
bywesley chun
 
Building Powerful Web Apps to Improve Productivity and Engagement - Esri UK W...
byEsri UK
 
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
Infuse Intelligence Into your App with Foundry Local
byNilesh Gule
 
Mutation Testing for Industrial Robotic Systems (FMAS 2025)
bySylvain Hallé
 
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
Redcentric Data Centres: vision, mission and values
byRedcentric
 
Standardising and simplifying systems and data management - Esri UK Welsh Con...
byEsri UK
 
Opening Plenary - Esri UK Welsh Conference 2025
byEsri UK
 
SELinux Policy Management in RHEL - RHCSA+.pdf
byLinuxCert Guru
 
Closing Plenary - Esri UK Welsh Conference 2025
byEsri UK
 
Mastering Handlers, Conditions, and Loops in Ansible Playbooks - RHCE.pdf
byLinuxCert Guru
 
Conserving precious peatland habitats using mobile apps - Esri UK Welsh Confe...
byEsri UK
 

Secure authentication in the age of remote working - MFA

  • 1.
    Secure Authentication inthe Age of Remote Working – An Awareness Yusuf Khan – Digital Identity Architect Jul 2020
  • 2.
    No longer privilege..but a forced alternative for business continuity
  • 3.
    Increased risks withthis sudden shift Phishing – Email Scams /SMS Scams Business continuity vs security Weak security practices/controls Attacks on remote working infra Malicious insider Home Wi-fi security – E.g. Weaker protocols WEP instead of WPA-2
  • 4.
    According to BarracudaNetworks. by over 600% since the end of February
  • 5.
    Recent Attacks DuringCovid DocuSign scam - June 2020 WordPress Admin – July 2020 Fine fear UK Gov scam – Apr 2020Tesco Voucher scam – May 2020 Microsoft Office 365 spear phishing – May 2020 *Full details of above attacks : https://www.itgovernance.co.uk/blog/category/catches-of-the-month
  • 6.
    BYOD Organization devices Organization Managed devices Secured overVPN How some organizations managing/securing remote working conditions? IT systems secured with organization issued credentials and IT security IT systems secured with organization issued credentials and IT security Level : Zero Level : Low Level : Medium NoMFA+SSOSolutioninplaceinall
  • 7.
    In Verizon’s “2019Data Breach Investigation Report” (DBIR), data showed that passwords caused 81% of data breaches over the past few years. Based on an article by TechRepublic, larger companies that are using SSO and MFA, the average employee needs to maintain around 25 passwords. Without MFA and SSO, employees may have to deal with as many as 85 different passwords. Verizon report on breaches without MFA and SSO
  • 8.
    Tie them together SSOSolution (And its not new) - Provide credentials once - SSO between on premise and cloud solution - SSO to web and enterprise applications plus VDI and SaaS applications. MFA Solution (And its also not new) - Additional factor to verify identity - SMS TOTP, Authenticators, FIDO2 - Biometric verification Next step : Intelligence Adaptive MFA, Behavioral Analysis So what is MFA and SSO solution?
  • 9.
    How to EnableMFA? • Identify systems/components • Raise awareness and communicate • Execution plan and engage IT and information security. • Identify target user phased rollout • Support enrollment and usage of MFA initial phases • Monitor and test feedback/results - KPIs • Depending on above results go for Gradual/Full rollout
  • 10.
    Is MFA Vulnerable? •Social Engineering • Bad design and/or implementation AWARENESS IS THE KEY Answer is Yes. But risks are still less . Here are some major failure reasons
  • 11.
    Thank You Write tome for any queries : Email : ykhan.mca@gmail.com