BrandPost: Hardening Identities with Phish-Resistant MFA

By Steve Faehl, Microsoft Federal Security CTO

Ask any cybersecurity professional what one thing should be done to increase the security of your environment and the most likely answer will be to “enable MFA.” For many years, multi-factor authentication has been a key approach to mitigating the risks associated with password usage. As utilization of MFA has increased, cybercriminals have had to adapt tactics for credential theft to compromise their intended targets.

On January 26, 2022, the Office of Management and Budget (OMB) issued a memo, M-22-09 “Moving the U.S. Government Towards Zero Trust Cybersecurity Principles,” that has made significant progress in raising awareness about the need for phish resistance in combination with MFA usage. The memo recommends that federal agencies move to passwordless MFA in an effort to modernize their authentication systems. While this memo is directed only towards federal agencies, the US Government’s intent, as prescribed in President Biden’s Cyber Executive Order, is to lead by example in raising the cybersecurity baseline, and private sector organizations should also take notice. This article will explore the new tactics being employed and ways security teams can harden their identities utilizing many built-in security options already at their disposal.
