The TruU Hub

Could effective identity management have stopped the Kaseya attack?

Like many other software supply chain attacks, the Kaseya attack started with managed security service provider (MSSP) Kaseya being hacked and their trusted connections to their client base were leveraged to propagate ransomware that locked up numerous accounts and wreaked havoc on thousands of computer systems. A major supermarket in Sweden had to close its stores and turn away families trying to buy food, because they could not operate their Point of Sale (POS) systems.

Digital Transformation Puts the Spotlight on Privacy ( and Security)

As the pandemic evolved and workforces required remote access to the enterprise’s most critical systems and data, IT teams were challenged with virtually extending the enterprise’s security boundaries to wherever the employees were. All of a sudden, the adage of Identity is the New Perimeter suddenly received a new lease on life.

IT Security teams are tasked with securing organizations against unauthorized access by threat actors. However they also need to make sure that only authorized individuals within the organizations with valid and legitimate need can access protected critical information. In certain industry segments this is needed in order to conform to corporate information security standards and meet regulatory compliance requirements.

It is hard to imagine all this started with an inconspicuous password breach.

Over the last couple of weeks, the Colonial Pipeline attack suddenly became a household event. Mainly because it started to impact the daily lives of everyday citizens. Gas, gasoline, and home heating oil deliveries were disrupted. People were driving to multiple gas stations just to find available gasoline. Yet behind the scenes there were larger and more critical consequences that were starting to play out. on May 12th, President Biden issued an executive order on improving the nation’s cybersecurity ; last week five million dollars in ransomware got paid out; one of the most notorious ransomware organizations suddenly announced they were going into a cooling off period. (More like waiting for things to cool down). 

Is Windows Hello Enough for Enterprise Passwordless Access?

Organizations are rethinking their workplaces and options for their workforces. Companies in regulated industries and those with higher security needs where work once occurred only in fully-trusted facilities now need to support work anywhere in the world, on any type of device securely. The disintegration of the enterprise perimeter suddenly got more pronounced and very apparent as organizations scrambled to support a geographically dispersed workforce with the need to support the most varied locations.

Passwordless authentication has been employed for customer identity for many years and is now seeing growing interest from financial institutions for their employees and partners. Anti-money laundering (AML) laws and KYC (Know Your Customer) compliance drove interest in anti-fraud/money laundering customer identity first, but the adoption of newer authentication methods such as biometrics and behavioral biometrics, and more recently the use of identity proofing technology is just as applicable for the workforce.

What is passwordless authentication in 2020, where biometrics are quickly becoming a mainstream technology and AIML (artificial intelligence / machine learning) approaches are on the horizon? In this article we explore the passwordless authentication fully from a generic perspective (not specific to an enterprise or consumer use case), and provide a view of where the market stands today and what it will take to be successful in the future.