The shift to a passwordless future is well underway. Tech giants like Apple, Google, and Microsoft have embraced passkeys, and for good reason. Passwords have long been the weakest link in cybersecurity—easily guessed, phished, stolen, or reused across accounts. Passkeys represent a serious improvement. They’re phishing-resistant, user-friendly, and eliminate the need to remember or manage credentials.

Token Would Have Stopped This Cold. Another week, another breach. This time it’s Ingram Micro, one of the largest tech distributors on the planet. Systems down for days. Operations halted. Now they’re staring down a ransomware demand, possibly for millions.

Amazon just sent out a warning about phishing emails targeting Prime members—scammers spoofing login pages and tricking users into handing over their credentials. Sound familiar?

Last week, Qantas joined a growing list of high-profile companies breached by Scattered Spider, a sophisticated threat group known for exploiting human error and weak authentication systems—not by hacking through firewalls, but by walking right through the front door.

When Hawaiian Airlines confirmed a recent cyberattack that disrupted its internal systems, it wasn’t just another headline—it was another red flag.

The Aflac breach last week wasn’t pulled off by elite hackers—it was enabled by the same outdated multi-factor authentication (MFA) most enterprises rely on today.

Every moment of every day, a quiet army of IT professionals, CISOs, and MSSPs are working tirelessly to defend organizations against an endless torrent of sophisticated cyber threats. 

What is Legacy MFA? Legacy MFA are solutions such as OTP over SMS and OTP via mobile apps that are 20-year-old technology. While using this technology is better than no-MFA, cybercriminals have developed sophisticated techniques and tools that regularly defeat legacy multifactor authentication (MFA). MFA significantly enhances account security, but not all MFA is created equal, and attackers are exploiting human vulnerabilities resulting in billions of dollars of losses. Here are the most common TTP used by cybercriminals.

As cybersecurity threats evolve, enterprises must stay ahead with advanced solutions. Our report, "Next-Generation MFA: Security Assurance for the Modern Enterprise," is based on a survey conducted and written by Datos Insights. In this report, we explore how leading Financial Service CISOs are addressing these challenges with cutting-edge multifactor authentication (MFA) strategies.

In today’s digital landscape, identity security is not just a concern—it’s a critical defense against the growing threats of phishing and ransomware. While multifactor authentication (MFA) has been promoted as a solution, the reality is that not all MFA is equally effective in securing user identities.

The cybersecurity landscape has recently seen a staggering surge in ransomware payments, with a more than 500% increase. Sophos' "State of Ransomware 2024" report indicates that the average ransom payment has skyrocketed from $400,000 in 2023 to $2 million in the past year. RISK & INSURANCE also reported a dramatic rise, with the median ransom demand jumping from $1.4 million in 2022 to $20 million in 2023, and actual payments soaring from $335,000 to $6.5 million. This significant rise in ransom payments reflects the growing sophistication of cyberattacks and the vulnerabilities of outdated security measures. A major factor behind this trend is the continued use of legacy Multifactor Authentication (MFA) systems, which are increasingly ineffective against modern cyber threats. Additionally, the use of Generative AI by cybercriminals to create highly convincing phishing attacks has made detection by even the most vigilant users more difficult. Let's examine the reasons behind the increase in ransomware payments, the limitations of traditional MFA, and the importance of adopting next-generation MFA solutions.

With the rise of AI-generated deepfakes, which are becoming more convincing and widespread in video conferencing, companies are finding it increasingly difficult to ensure they know who they’re actually talking to during online meetings. We’re seeing the damage cybercriminals can cause when they steal credentials using social engineering, only to then bypass outdated MFA systems to access critical data or deploy ransomware. These older MFA systems just aren’t cutting it anymore, leaving companies vulnerable in ways that are making the news almost daily.