This post is part of our 2023 cybersecurity prediction series.
Michael Rothschild, Vice President of Product, HYPR
As 2023 gets underway, it’s clear that one of the biggest areas that need to be addressed is how IT leaders can make sure that teams can securely access the systems and resources they need. Until recently, multi-factor authentication in the form of OTPs or push notification on top of passwords had been the standard recommended best practice. Last year's attacks on Uber, Okta, and Twilio drove home that this is no longer enough. The MFA bombing technique used against Uber is actually simple in concept — knock enough times, and someone will let you in.
CISA recently issued guidance urging phishing-resistant MFA, but less than 16% of organizations have adopted this approach. CIO and IT leaders will need to map out how they can begin to roll that technology out, for high-value users and applications first and then expand it through the enterprise.