Some items that have hit The Cyber Hut intelligence inboxes this week.
State of Passwordless Authentication 2022 HYPR
HYPR, a provider of passwordless authentication, recently released their updated passwordless authentication report (sign up required). The commissioned report focuses on describing the weaknesses associated with existing authentication components. The basic username and password is under increasing threat from credential theft and brute force attacks, whilst many MFA components are facing the heat when it comes to phishing. To add further concern, many organisations are apparently also struggling to roll out those existing MFA modalities anyway, with poor UX and difficult integration being limiting factors. No surprise, but the answer is seemingly passwordless authentication – which aims to deliver improvements to both security and usability. The report makes a good point with respect to the differences between passwordless “experiences” and actual password-free methods.
FIDO Authenticate 2022 Conference Announced
The FIDO Alliance announced the 2022 version of their Authenticate conference. The conference will take place from October 17th to 19th this year, at the Sheraton Grand Hotel, Seattle, Washington. It seems remote access will also be available. It looks like it’s still a bit early to see the agenda, but Yubico have already committed to being a sponsor. The 2021 conference videos are available on YouTube.
Cyber Defense Matrix Book Launch
An interesting book launch occurred recently. Cyber Defense Matrix (The Essential Guide to Navigating the Cybersecurity Landscape) was released, which aims to provide a framework to allow us to map existing cyber technologies into a function-asset matrix. Written by Sounil Yu, the paperback is available on Amazon, whilst an eBook version is available via JupiterOne. The framework described is incredibly simple, yet provides a very powerful way of mapping technologies in order to help drive ROI and understand where investment or coverage is perhaps lacking. It relies on the NIST Cybersecurity Framework’s “Identify”, “Detect”, “Protect”, “Respond” and “Recover” components, applied to the 5 asset classes that most organisations use – namely Users, Applications, Devices, Networks and Data.
What is Intent Data?
This is an interesting blog entry by ForMotiv, discussing how to use behavioural science to analyse potential buying signals from a digital prospect and consumer. The “intent” aspect focuses on trying to understand whether the user at the end of the keyboard is likely to buy something – or at least on being better prepared to predict and react to their signals, whether they are buying or not. ForMotiv discusses this process in a bit more detail, including how there are different levels of intent data and what you can do with it. Their website states “ForMotiv developed a way to read a user’s digital body language by analysing thousands of behavioural micro-expressions while a user fills out an online application to produce incredibly accurate intent scores, instantly.” Hopefully with the end user’s full, explicit opt-in consent, as per GDPR.