One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.
Multifactor authentication is gaining traction - but it also is causing additional user friction when deployed poorly. No matter whose research you cite, a startling high percentage of recent breaches are the result of stolen or weak credentials. Yet, enterprises still struggle to take advantage of multifactor...
Twitter users no longer have to supply a phone number in order to use two-step verification for authentication. The move will better protect accounts from SIM hijacking attempts and also means users don't have to sacrifice some of their privacy to enable a security feature.
Agile environments benefit from development platforms and open-source software, but that also raises the risks of attacks seeded in those supply chains, says Chet Wisniewski of Sophos, who describes steps that organizations can take to mitigate the risks.
Now that the deadline for all e-commerce card-based transactions in the EU to comply with the new PSD2 "strong customer authentication" requirement has officially been extended to Dec. 31, 2020, authorities are emphasizing the need to make a smooth, uniform migration to the new forms of authentication.
Passwords have failed, so what's next?
Password security is one of the most important issues facing information security today, and multi-factor authentication (MFA) technology mitigates the risk of password-only security today when providing access to corporate networks. But unfortunately, traditional MFA...
Passwords are no longer sufficient to secure logins, with 81% of breaches involving weak or stolen passwords. Multi-factor authentication (MFA) protects users from attacks by ensuring that only the intended, authorized users can access critical, secure information.
Download this whitepaper to learn:
Identity attacks such as phishing, credential stuffing, and brute-force-attacks are increasingly common and sophisticated methods for committing account takeovers. These attacks result in increased security risks, brand damage, and outright fraud.
Download this whitepaper to learn how to keep attackers at bay...
IT teams want to provision their workforces to cloud and on-prem apps with ease while avoiding unnecessary manual work. Employees want to move past the frustration of individual daily sign-ons. What's needed is a single solution that simultaneously automates provisioning for IT teams while simplifying sign-ins for...
The FBI is warning banks, businesses and other organizations that cybercriminals are using social engineering and other technical techniques to circumvent multifactor authentication security protections.
Nation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Center warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.
What are some of the most important aspects in managing vendor security risk when taking on third parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk.
Delayed enforcement of the "strong customer authentication" requirements for online transactions under the European Union's PSD2 regulation is hampering efforts to enhance security. That's why the European Banking Authority should act quickly to develop a new timeline.
The sheer number and destructive nature of recent data breaches is both alarming and discouraging - but there's still cause to be hopeful. Nearly three-quarters of these attacks were due to the same vulnerability: weak or stolen credentials.
Download this white paper to learn:
What are strong authentication...