MFA has proven itself to be one of the most impactful cybersecurity innovations in recent decades. But it's still not enough.
In the course of routine Penetration Testing, Silent Breach's ethical hackers continue to discover novel ways to circumvent digital defenses, even with MFA enabled. For example, by masquerading as IT personnel, hackers can successfully convince users to hand over not only their credentials, but their MFA codes as well. As software itself becomes increasingly secure, malicious actors are adapting to human-centric attack vectors. To stay protected in the years ahead, firms will need to broaden their authentication toolkit. One such emerging tool is called Mutual Human Authentication.
What is Mutual Human Authentication?
Until now, multi-factor authentication has mostly consisted of a one-time passcode (OTP) that is texted or emailed to the user (in addition to the standard username and password). And while even just this single step has proven to radically cut down on the success rates of phishing and other social engineering attacks, persistent gaps remain. Furthermore, once an email address has been compromised, any MFA codes sent to that address will be similarly available to the hacker.
This is where Mutual Human Authentication comes in.
Rather than requiring an automated OTP code, MHA requires human permission from a trusted third party. Now, each time account access is requested, a mutual request is sent to the 'human authenticator' (say, a security veteran within the IT Security Dept) who can review the request and choose to either grant or deny access.
Under normal conditions, a chain will only be as strong as its weakest link. With MHA, however, a chain can become as strong as its strongest link.
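The grant-or-deny flow described above, as an added sketch (this is not code from Silent Breach or SharePass). The class and method names, the shared HMAC key and the 120-second approval window are assumptions made for illustration; the approver's step is folded into the same class for brevity.

```python
import hashlib
import hmac
import secrets
import time

APPROVAL_TTL = 120  # seconds a pending request stays answerable (assumed value)


class ApprovalGate:
    """Access is granted only after the designated human authenticator approves."""

    def __init__(self, approver_key: bytes):
        self._key = approver_key  # shared with the approver's device, never the requester
        self._pending = {}        # request_id -> (user, resource, expires_at)

    def request_access(self, user: str, resource: str, now: float) -> str:
        request_id = secrets.token_hex(16)
        self._pending[request_id] = (user, resource, now + APPROVAL_TTL)
        return request_id         # delivered to the approver out of band

    def _mac(self, request_id: str, user: str, resource: str, decision: str) -> str:
        # Bind the decision to exactly this request, user and resource.
        msg = "\x1f".join((request_id, user, resource, decision)).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def approver_decide(self, request_id: str, grant: bool) -> str:
        """Approver's side: called after a human reviews who asked for what."""
        user, resource, _ = self._pending[request_id]
        return self._mac(request_id, user, resource, "grant" if grant else "deny")

    def redeem(self, request_id: str, user: str, resource: str,
               decision_mac: str, now: float) -> bool:
        """Default deny: unknown, expired, replayed or mismatched requests fail."""
        entry = self._pending.pop(request_id, None)  # single use, even on failure
        if entry is None:
            return False
        req_user, req_resource, expires_at = entry
        if now > expires_at or (user, resource) != (req_user, req_resource):
            return False
        expected = self._mac(request_id, req_user, req_resource, "grant")
        return hmac.compare_digest(expected, decision_mac)


if __name__ == "__main__":
    gate = ApprovalGate(secrets.token_bytes(32))
    rid = gate.request_access("alice", "payroll-db", now=time.time())  # constructed sample
    mac = gate.approver_decide(rid, grant=True)
    print(gate.redeem(rid, "alice", "payroll-db", mac, now=time.time()))
```

Because the decision is bound to one request and consumed on first use, a leaked password or a replayed approval does not open the account on its own.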
Taking MHA One Step Further
A comprehensive approach to MHA is currently being pioneered by SharePass, a developer of emerging confidential communication technologies.
With SharePass, users are able to convert any data they choose into a secure encrypted link. This link can then be MHA-protected so that even when shared, it remains under the control of the designated party.
This has the added benefit of not only protecting your data from theft, but also enabling businesses and individuals to own and control their data throughout its entire lifecycle.
The Benefits of Using MHA
By further strengthening and broadening multi-factor authentication, Mutual Human Authentication can also help mitigate known risks related to:
The Dark Web: Leaked credentials often make their way to the Dark Web. With MHA enabled, this data will no longer pose a significant security risk insofar as anyone who purchases the leaked credentials will still have no knowledge of who has been designated as the 'human authenticator', effectively locking them out of the account.
Anti-Phishing: As mentioned above, phishing remains the most popular method for hackers. Simply put, humans have proven to be far easier to manipulate than the secure software that they control. While Security Awareness Training is critical in pushing back against social engineering attacks, short-term solutions like MHA can put the control back into the hands of those who are most skilled at detecting and mitigating social hackers.
The Importance of MFA
Today, 98% of cyber attacks rely on social engineering and 75% of companies have fallen victim to phishing in the last year alone, making it the most common cybercrime in the world. Moreover, Silent Breach ethical hackers hold a 90% success rate at being able to compromise target networks within a single week whenever social engineering is included in the attack scope. Fortunately, multi-factor authentication and Mutual Human Authentication can go a long way in reversing these trends, defending your company, and protecting your most valuable assets: your people.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.