When Hawaiian Airlines confirmed a recent cyberattack that disrupted its internal systems, it wasn’t just another headline—it was another red flag.

The Aflac breach last week wasn’t pulled off by elite hackers—it was enabled by the same outdated multi-factor authentication (MFA) most enterprises rely on today.

Every moment of every day, a quiet army of IT professionals, CISOs, and MSSPs are working tirelessly to defend organizations against an endless torrent of sophisticated cyber threats. 

What is Legacy MFA? Legacy MFA are solutions such as OTP over SMS and OTP via mobile apps that are 20-year-old technology. While using this technology is better than no-MFA, cybercriminals have developed sophisticated techniques and tools that regularly defeat legacy multifactor authentication (MFA). MFA significantly enhances account security, but not all MFA is created equal, and attackers are exploiting human vulnerabilities resulting in billions of dollars of losses. Here are the most common TTP used by cybercriminals.

As cybersecurity threats evolve, enterprises must stay ahead with advanced solutions. Our report, "Next-Generation MFA: Security Assurance for the Modern Enterprise," is based on a survey conducted and written by Datos Insights. In this report, we explore how leading Financial Service CISOs are addressing these challenges with cutting-edge multifactor authentication (MFA) strategies.

In today’s digital landscape, identity security is not just a concern—it’s a critical defense against the growing threats of phishing and ransomware. While multifactor authentication (MFA) has been promoted as a solution, the reality is that not all MFA is equally effective in securing user identities.

The cybersecurity landscape has recently seen a staggering surge in ransomware payments, with a more than 500% increase. Sophos' "State of Ransomware 2024" report indicates that the average ransom payment has skyrocketed from $400,000 in 2023 to $2 million in the past year. RISK & INSURANCE also reported a dramatic rise, with the median ransom demand jumping from $1.4 million in 2022 to $20 million in 2023, and actual payments soaring from $335,000 to $6.5 million. This significant rise in ransom payments reflects the growing sophistication of cyberattacks and the vulnerabilities of outdated security measures. A major factor behind this trend is the continued use of legacy Multifactor Authentication (MFA) systems, which are increasingly ineffective against modern cyber threats. Additionally, the use of Generative AI by cybercriminals to create highly convincing phishing attacks has made detection by even the most vigilant users more difficult. Let's examine the reasons behind the increase in ransomware payments, the limitations of traditional MFA, and the importance of adopting next-generation MFA solutions.

With the rise of AI-generated deepfakes, which are becoming more convincing and widespread in video conferencing, companies are finding it increasingly difficult to ensure they know who they’re actually talking to during online meetings. We’re seeing the damage cybercriminals can cause when they steal credentials using social engineering, only to then bypass outdated MFA systems to access critical data or deploy ransomware. These older MFA systems just aren’t cutting it anymore, leaving companies vulnerable in ways that are making the news almost daily.

In the ever-evolving landscape of cybersecurity, the partnership between Duo and Token marks a significant advancement, combining Duo's identity access management with Token's Next-Generation MFA. This collaboration is not just about adding layers of security; it's about redefining the user experience and streamlining the deployment of security measures across organizations.

From the perspective of someone responsible for securing an enterprise organization, the inclusion of biometric recognition capabilities in PCs and phones has been a positive development. The draw of using biometrics for recognition is that most are suitably unique and entropic, such that the biometric will more secure than a short passcode or easily-remembered password. Furthermore, biometric verification systems are viewed by most as being intuitive and convenient to use. In this way, biometric verification as the way users authenticate themselves to their devices has reduced a large attack surface for organizations whose employees work remotely or in hybrid environments.

We were recently honored to be invited for an interview by Chuck Harold from SecurityGuyTV. During this discussion, our CEO, John Gunn, shared insights about protecting against ransomware with Token’s innovative Next-Generation MFA Smart Ring. With ransomware attacks continuing to dominate the cybersecurity landscape, Token’s approach offers a promising solution that could revolutionize how we protect ourselves from these threats.

Discover how top security leaders are integrating advanced IAM and MFA strategies to protect against emerging threats and ensure every user's credentials are protected against breaches.