In the wake of yet another high-profile hack attack, FIDO Alliance co-founder Nok Nok Labs is calling businesses and service providers to take advantage of phishing-resistant multi-factor authentication solutions.
The attack in this case concerns Wipro, a Major India-based software company, whose IT systems were compromised, with Wipro customers then targeted in “an advanced phishing campaign,” according to a statement from the firm. Discussing the incidents in a new blog post, Nok Nok Labs cites the “2017 Verizon Data Breach Investigations Report” in estimating that “the odds are better than 80% that the breach targeted employee and administrative credential compromise as the attack vector of choice.”
The solution, Nok Nok Labs argues, is to focus on preventive measures, such as “phishing-proof” authentication mechanisms based on FIDO Alliance standards. Focused on on-device authentication, FIDO standards support the use of post-password authentication mechanisms like USB security keys and biometrics – mechanisms that are highly effective countermeasures against phishing attacks that are aimed at acquiring user credentials like usernames and passwords.
“We strongly recommend both customers and service providers invest deeply in modern authentication that is phishing resistant, multi-factor, standards based and widely supported as well as proven at scale,” Nok Nok Labs says. And if Wipro is any indication – not to mention the many other high-profile victims of hack attacks in recent months and years – it’s advice that is well worth heeding in our current cybersecurity climate.