Security awareness training — combined with the right technologies — have done a great job of alerting employees to the risks of phishing scams and clicking on suspicious links.
But criminals are relentless and brutally crafty. They will continue to target end-users, as people are cheaper and easier to exploit than systems. “Anyone who has been in security long enough recognizes that every time we make a taller wall or a stronger door, someone comes up with a taller ladder or a better battering ram,” says said J. Wolfgang Goerlich, Advisory CISO at Cisco.
Their latest tactic involves creating multifactor authentication (MFA) fatigue. This occurs when the attacker “sends a user multiple push notifications in the hopes that they will click and approve a request — either out of muscle memory, thinking they must have logged into an application, or simply out of hope that they will stop getting these notifications,” says Goerlich.
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
