Attacking the gaps in traditional security

Written By: Admin

Our growing reliance on our connected lifestyle is evolved hand-in-hand with security threats and bad actors. As technologies increase their sophistication, so does the security threat landscape. And as new security solutions are developed and implemented, new hacking methods evolve and grow reducing the effectiveness of current solutions.

This cycle has been going on for years, in the physical and virtual worlds where we live and act.

Ultimately, IT decision makers and the security industry have been – and continue to be – in an arms race with bad actors and hackers. And they’re not necessarily winning. If they were, you wouldn’t hear about major breaches like Sony, Anthem, or Target. The fact that these breaches are still occurring means we haven’t solved it yet. The threat is real, and it remains.

That leads to the inevitable question – why? Why haven’t we won? Why haven’t we created an environment where enterprises can feel comfortable that their intellectual property and customer information is safe? Why do consumers still have to swap out their credit cards every few months due to the chance that information was compromised? Why do breach notifications show up in my mail on a monthly or even sometimes weekly basis? (Did you know one in three people who receive a breach notification are compromised?)

The fact is, companies have approached security the same way for too long. They identify a problem, find a vulnerability, or discover a breach, and then they patch the hole to keep it from happening again. Then they alert the parties impacted and try to do damage control.

But implementing point solutions only addresses the immediate problem; it doesn’t address the root cause and only adds complexity. The cost of addressing it this way is excessive and over time becomes a perplexing big ball of tangled solutions. This is exactly what is happening with multifactor authentication with today’s solutions and emerging companies.

Here’s the problem with the way companies today are embracing multifactor authentication:

A company’s existing single-factor authentication at a customer log-in is too easy to crack through social engineering, phishing, key loggers, man-in-the-middle, spear phishing, or the simple guessing of credentials and it gets breached. So, the company implements multifactor authentication solution(s) in place. This costs money and many hours to integrate into their current systems.

Then, they have to market this change to any and all affected parties – including internal and external audiences and customers. This marketing costs money and the increased complexity scares away some customers, costing the company revenue.

After the dust settles, a breach occurs – maybe at a different point in the network where vendors or consultants gain access. The company implements an additional solution – or expands a current multifactor authentication solution – at this breach point. Again, costing money and many hours to implement and integrate into their current systems…the cycle could potentially repeat itself an infinite number of times like a terrible game of cyber whack-a-mole.

So how should it go?

Companies need to move away from addressing a single problem with a point solution. The reality of this cycle is “time + desire = opportunity,” which will result in the prior weaknesses being exposed again. If you build on a poor foundation, it doesn’t matter what you do to repair and fix issues, the foundation will always be the issue.

Fundamentally, organizations need to step back and look at the whole picture, recognize that, until they address the ‘user’ and the current architectural flaws with today’s multi-factor and single sign-on solutions security solutions flaws, problems won’t stop. Companies need to focus on their infrastructure first, ensure that a strong authentication solution is embedded across the entire organization. Looking at architecture and infrastructure first puts them in a better position to grow and evolve with the security market. It also eliminates the need to patch holes as they open up.

In addition to thinking on a broader level across the entire enterprise, companies also have to think about the effectiveness of the authentication solutions they implement.

They need to think about whether the solution truly protects them from all bad actors. If it’s in-band, chances are that the solution still leaves them vulnerable (click HERE for a good introduction to the differences between in-band and out-of-band authentication). Then there’s the issue of ease of use. As we’ve discussed in previous posts, the more factors and steps that enterprises put in place for authentication, the more difficult and unnatural the process feels. This can impact adoption and lead to risky behavior by users.

By thinking of security at the infrastructure level and ensuring that authentication is ubiquitous across the enterprise, companies can get out of the cycle of finding and eliminating gaps in their security posture. And by implementing a solution that is out-of-band and easy to use, they can better protect the company and its customers by mitigating a wider variety of attacks and ensuring that the solution is used by all stakeholders – both within and outside of the organization.

Authomate’s StrongPass solution delivers authentication that is completely out-of-band, strong and easy to use. For additional information about Authomate’s authentication solutions, go to To try out StrongPass, click HERE.


  1. Starbucks breach shows that all accounts can be targets - Access Granted
    Starbucks breach shows that all accounts can be targets - Access Granted3 years ago

    […] In a previous post, I discussed the game of “cybersecurity whack-a-mole” that many companies find themselves playing. As they identify one vulnerability – a single-factor customer login, for example – plug it and work to mitigate the damage, hackers are scouring their networks finding another. Exposure of the first breach costs the company customer loyalty and money to mitigate and fix. Subsequent breaches only exacerbate these costs. […]

  2. Moving Beyond Multifactor Authentication to the Next Generation - Access Granted
    Moving Beyond Multifactor Authentication to the Next Generation - Access Granted3 years ago

    […] From the midday news it was the reminder that as we reach the peak season for tax preparation and refunds, the scammers and identity thieves are also swinging into high gear.  What is interesting in this story is that most of the scams involve no sophisticated digital compromise and are well executed social engineering hacks where factors of authentication, that is the things you know, the things you are, and sometimes the things you have, are siphoned during a seemingly innocent conversation. […]

Leave a Reply