SIM Security | Breaking Cybersecurity News | The Hacker News

Let's face it: we all use email, and we all use passwords. Passwords create inherent vulnerability in the system. The success rate of phishing attacks is  skyrocketing , and opportunities for the attack have greatly multiplied as lives moved online. All it takes is one password to be compromised for all other users to become victims of a data breach.  To deliver additional security, therefore, digital identities rely on verification plasters. MFA (multi-factor authentication) often falls back to knowledge factors such as password resets and OTP codes, but these are still vulnerable. As long as credentials can be shared or intercepted, they can be misused.  What is needed is a paradigm shift – from knowledge-based credentials to strong possession-factor security that can't be compromised, alongside other verification security such as biometrics. A new possession-factor API now aims to do precisely that, replacing knowledge-based credentials, by using the SIM card for possess

The average cost of a data breach, according to the latest research by IBM, now stands at  USD 4.24 million , the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge itself is not new. What is new is the unprecedented and accelerated complexity of securing the workplace. CISOs/CIOs are dealing with legacy systems, cloud hosting, on-prem, remote workers, office based, traditional software, and SaaS. How businesses adapted was laudable, but now that employees spread across locations, offices and homes – with  more than half  threatening not to return to offices unless hybrid working is implemented – the challenge morphs into securing a nonuniform perimeter.  We know passwords aren't sufficient. Knowledge-based access is usually fortified with other forms of multi-factor authentication (MFA), such as auth apps or FIDO tokens, and in highly sensitive case

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Forget watercooler conspiracies or boardroom battles. There's a new war in the office. As companies nudge their staff to return to communal workspaces, many workers don't actually want to – more than 50 percent of employees would rather quit, according to  research by EY .  While HR teams worry over the hearts and minds of staff, IT security professionals have a different battle plan to draft – how to make the new normal of the hybrid workplace secure. The Trade-off Between Usability and Security A company's biggest vulnerability continues to be its people. In a hybrid workplace, a Zero Trust strategy means ever-tightening security.  The MFA a company chooses  affects the difficulty of logging into email, dashboards, workflow tools, client documentation, and so on. Or, conversely, how porous access security is.  Now imagine this scenario. An employee opens a company portal, confirms a prompt on a company app on her phone, and that's it. She has been authenticated s

Online account creation poses a challenge for engineers and system architects: if you put up too many barriers, you risk turning away genuine users. Make it too easy, and you risk fraud or fake accounts. The Problem with Identity Verification The traditional model of online identity – username/email and password – has long outlived its usefulness. This is how multi-factor or two-factor authentication (MFA or 2FA) has come into play, to patch up vulnerabilities of the so-called knowledge-based model, usually by SMS passcode to verify possession of a mobile phone number. The simplicity of SMS-based verification has taken apps by storm – it's the default option, as most users have a mobile phone. Yet bad actors have learned how to exploit this verification method, leading to the menace of  SIM swap fraud , which is alarmingly easy to pull off and rising rapidly in incidents. There's been no lack of effort in finding a more secure factor that is still universal. For example, b