web analytics

CISA Urges Americans to Apply MFA, ‘Think Before They Click’ – Source: www.databreachtoday.com

Rate this post

Source: www.databreachtoday.com – Author: 1

Multi-factor & Risk-based Authentication
,
Security Operations

Director Jen Easterly: Password Managers, Automatic Software Updates Key to Defense

Michael Novinson (MichaelNovinson) •
September 26, 2023    

CISA Urges Americans to Apply MFA, 'Think Before They Click'
Jen Easterly, director, U.S. Cybersecurity and Infrastructure Security Agency

America’s top cybersecurity official urged citizens Tuesday to boost their defenses by choosing strong passwords, opting for multi-factor authentication, reporting phishing and enabling automatic software updates.

See Also: Live Webinar | Cyber Resilience: Recovering from a Ransomware Attack

Cybersecurity and Infrastructure Security Agency Director Jen Easterly said consumers and business leaders alike should begin their security journey by choosing passwords that are complex and unique to each sensitive account and using a password manager to generate and store them. From there, Easterly said multi-factor authentication is vital since more than a password is necessary to keep accounts safe.

When it comes to recognizing phishing, Easterly urged users to “think before they click,” especially when it comes to unsolicited texts, calls and emails as well as attachments from unknown sources. Finally, Easterly said users should make software updates automatic to ensure they’re continuously protected from malicious threats in the ecosystem.

“As we’ve added more devices and more platforms and more endpoints to the internet, we’ve increased vulnerabilities,” Easterly said Tuesday at an event launching CISA’s first-ever public service awareness campaign. “We’ve expanded that attack surface for cyber criminals to steal our data and to lock it up.”

Easterly’s remarks were followed by comments from industry leaders as well as a fireside chat with leaders from non-profits involved in cyber defense. CISA’s public service announcement will begin airing days before the start of the 20th annual Cybersecurity Awareness Month Sunday (see: US CISA Official: ‘Forcefully Nudge’ Users to Adopt MFA).

“CISA – along with our government and industry partners – are doing everything we can to prevent and disrupt the cybercriminal ecosystem,” Easterly said. “But it’s critical that every one of us take responsibility for keeping ourselves safe online, and that’s why we are here today.”

How Google Approaches Secure Authentication

Google Vice President of Security Engineering Heather Adkins believes there will be a future with no passwords. If people no longer have to use a text-based string to authenticate themselves to the most important systems in their lives, Adkins said the systems in question can be longer be taken over or hijacked by an attacker who could ruin their life.

“That is a little bit in the future; I’m also a realist,” Adkins said Tuesday during the launch event for the CISA public service announcement. “But as an industry, we take these small steps every day.”

Adkins has used a password manager for 15 years, and praised the tool for creating complex passwords that she doesn’t have to remember and storing them in a secure place where they can be retrieved at a moment’s notice. Google recently turned on multi-factor authentication be default for all Gmail users, and Adkins said it’s had a “substantial and meaningful impact” on preventing account hijacking.

“We brought secure multi-factor authentication to the masses with security keys – which are hardware tokens – and passkeys, which are a software version that’s easier to use,” Adkins said. “Since adopting these solutions for ourselves as a company, we have eliminated password phishing as a problem at our company.”

In a similar vein, Adkins said the Google Chrome web browser automatically updates so that users don’t have to even think about patching. In addition, she said there hasn’t been a single known ransomware attack on a Chrome OS device across business, commercial or education users since they were designed with security in mind. Automatically identifying phishing and keeping software up to date is important (see: Google’s Christiaan Brand on Bringing Passkeys to the Masses).

“I believe in, ‘Think before you click,’ but I also believe in, “Don’t make the user think about it if they don’t have to,'” Adkins said. “This is an important component of ‘secure by default’ – automatically removing the threat from people’s inboxes. We as engineers can take on the burden for security and free the users up to enjoy the technology how they need to.”

Microsoft Pivots to Multi-Factor Authentication By Default

In a “huge shift” for Microsoft, the software and cloud computing behemoth now applies multi-factor authentication by default for both new and existing instances of Microsoft 365, according to Federal Security CTO Steve Faehl. Going forward, Faehl said any organization that doesn’t configure a security policy of its own is going to get multi-factor authentication (see: Microsoft Brings Passkeys, Bad Code Protection to Windows 11).

“We were very concerned that people would be locked out of their tenants,” Adkins said Tuesday during the launch event for the CISA public service announcement. “We were very concerned people wouldn’t know what to do. But we were able to roll that out in a way that didn’t disrupt anyone, and it’s something that makes everyone safer.”

Faehl said the industry has a role to play in both helping the U.S. government impose pain and cost on cyber adversaries in a meaningful way as well as providing users with a better experience than before with technologies like passwordless.

“We don’t want to barrage the general public with a ton of cyber risk fear mongering,” Faehl said. “We want to let them know, ‘This is what it takes to be safe in this environment. This is how you can be secure moving forward, and you can do so with confidence.'”

Original Post url: https://www.databreachtoday.com/cisa-urges-americans-to-apply-mfa-think-before-they-click-a-23175

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post