Security awareness training — combined with the right technologies — has done a great job of alerting employees to the risks of phishing scams and clicking on suspicious links.
But criminals are relentless and brutally crafty. They will continue to target end-users, as people are cheaper and easier to exploit than systems. “Anyone who has been in security long enough recognizes that every time we make a taller wall or a stronger door, someone comes up with a taller ladder or a better battering ram,” says J. Wolfgang Goerlich, Advisory CISO at Cisco.
Their latest tactic involves creating multifactor authentication (MFA) fatigue. This occurs when the attacker “sends a user multiple push notifications in the hopes that they will click and approve a request — either out of muscle memory, thinking they must have logged into an application, or simply out of hope that they will stop getting these notifications,” says Goerlich.
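
The pattern described above leaves a recognizable trace in authentication logs: many push prompts to one user in a short window, most seriously when one is finally approved after earlier ones were denied or ignored. The following detection sketch is an added example, not code from the article or from Cisco; the event tuples, result values, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema, not a vendor log format):
# (ISO timestamp, user, result of the push prompt)
SAMPLE_EVENTS = [
    ("2024-01-10T02:14:05", "alice", "denied"),
    ("2024-01-10T02:14:40", "alice", "timeout"),
    ("2024-01-10T02:15:10", "alice", "denied"),
    ("2024-01-10T02:15:55", "alice", "timeout"),
    ("2024-01-10T02:16:30", "alice", "approved"),
    ("2024-01-10T09:00:00", "bob", "approved"),
    ("2024-01-10T13:30:00", "bob", "approved"),
    ("2024-01-10T10:00:00", "carol", "denied"),
    ("2024-01-10T10:00:30", "carol", "denied"),
    ("2024-01-10T10:01:00", "carol", "timeout"),
    ("2024-01-10T10:01:30", "carol", "denied"),
]


def find_push_fatigue(events, window=timedelta(minutes=5), threshold=4):
    """Flag users who get `threshold` or more push prompts inside `window`.

    Severity is "high" when an approval arrives after earlier prompts in the
    same burst were denied or timed out (the pattern the article describes),
    otherwise "medium" (repeated prompting, but nothing approved yet).
    """
    recent = defaultdict(deque)  # user -> prompts still inside the window
    alerts = {}
    for ts, user, result in sorted(events):
        when = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((when, result))
        # Drop prompts that have aged out of the sliding window.
        while when - q[0][0] > window:
            q.popleft()
        if len(q) < threshold:
            continue
        rejected = sum(1 for _, r in q if r in ("denied", "timeout"))
        severity = "high" if result == "approved" and rejected else "medium"
        # Keep the worst severity seen for each user.
        if alerts.get(user) != "high":
            alerts[user] = severity
    return alerts
```

On the constructed sample, `alice` is flagged high (four rejected prompts followed by an approval), `carol` medium, and `bob`, whose two approvals are hours apart, is not flagged.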