Actionable WebAuthn You Can (and Should) Implement Today
Throughout 2023, we’ve heard about many high-profile security incidents targeting a wide range of publicly listed companies. These incidents have caused service disruptions, decreases in operating margins, lost confidence in brand names and fluctuating stock prices. Additionally, Chief Information Security Officers (CISOs) have also been under scrutiny for the actions they’ve taken to address these issues.
Protect your organization
It’s crucial to understand that you can act now, you don’t have to wait to improve your security posture. Technology exists to harden your infrastructure. Let’s talk about how customers have been accomplishing this with Duo Security.
In 2023, the United States National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released the Top 10 Cybersecurity Misconfigurations advisory, with #7 highlighting “Weak or misconfigured multifactor authentication (MFA) methods.” To add, Cisco Talos 2023 Year in Review (page 7) highlights hackers' use of “Valid Accounts” as the second most common attack technique observed for the year. As noted on the page, “These findings are consistent with Talos Incident Response data, which showed compromised credentials/valid accounts accounted for nearly a quarter of known initial access vectors in 2023.”
WebAuthn addresses this attack vector by requiring strong MFA as it requires physical human interaction when authenticating.
Can your organization exclusively support WebAuthn?
I’m constantly talking to large S&P 500 companies. When we speak, I ask them, 'Where are you with your WebAuthn strategy?'
I constantly hear the same thing from customers: “It is part of our future security objectives, but we also need to consider our legacy infrastructure.”
There isn’t a 'one size fits all' approach to security and authentication methods. The world has vastly different organizations and plenty of use cases to meet, from call centers in another country to the administration of huge server farms.
Many customers still need to support applications that don’t support browser-based authentication workflows. How do we isolate those authentication workflows while application vendors continue to adopt the WebAuthn protocol or until organizations can decommission these applications? Duo can provide the needed flexibility.
Improving your security is closer (and easier) than you think
Duo can help your team improve security. The approach outlined in our knowledge base article Guide to WebAuthn Enrollment Strategies provides multiple authentication method options to fit a wide array of customer use cases, budgets, and administrative costs. It can also help reduce reliance on your internal help desk team and thus reduce the number of help desk tickets.
In many cases, your help desk team is required to identify the person calling in for support. Therefore, it’s important to clearly understand: how secure is your help desk’s identity verification process? You’ll have to account for any human verification as a possible risk factor.
With the approach we outlined, you can shift verification from the help desk to technology that will enforce a consistent authentication process and thus reduce the risk of a security incident.
Do you have any questions or want to discuss this strategy more in-depth with a trusted advisor? Duo Care can help.
Click here to learn more about Cisco Talos Incident Response.