EDUCAUSE Technology: Multi-factor Authentication/Single Sign-On
Since my blog centers around the topic of phishing, this technology in the Horizon Report seemed fitting (EDUCAUSE, 2023). Multi-factor Authentication (MFA) and Single Sign-On (SSO) are technologies meant to enhance security and accessibility respectively (Abernathy & McMillan, 2018). MFA is the use of more than one authentication method to access data assets. These methods are something you know (credentials, PIN), something you have (smart card, token), something you are (biometrics), or somewhere you are (Abernathy & McMillan, 2018). SSO allows a user to access multiple different applications, web pages, and other data assets by signing on only once. This reduces the need to memorize multiple different credentials for the different applications.
The college that incorporated these technologies saw a reduction in phishing attacks (EDUCAUSE, 2023). Vassar College made an effort to update its access management, password policies, MFA, and SSO platform. MFA reduces the efficacy of phishing because phishing can typically manage the theft of only one authentication method (O'Leary, 2019). SSO reduced the attack surface of phishing by reducing the number of login pages the attacker could copy. While MFA can increase the requirements of logging in, SSO can balance this by allowing a single login requirement over multiple logins.
EDUCAUSE Trend: Security Incidents Becoming Routine
This trend was rather troubling to read. Incidents have gotten to a point that they have become part of daily life for many colleges (EDUCAUSE, 2023). It has gotten to a point that some institutions are shifting priority of incident response to incident prevention. Some have incorporated a separate incident management department to deal with the issue. The Horizon Report cites that more than half of institutions in the UK have reported a data breach in the last 12 months (Abernathy & McMillan, 2018). One university saw over 1 million attacks in the span of nine months. The figure below accurately represents the situation.
Figure 1. This is Fine (Greene, 2013)
Forces that Impact Trend and Technology
MFA and SSO have been around for a while, but I can imagine a force that would prevent the implementation of MFA and SSO would be the potential single point of failure. If a person loses their badge or forgets their credentials, they are now restricted from multiple data assets, rather than one asset. There is also a risk of a single account being compromised, and now the attacker has access to multiple data assets. I do not think SSO should be used without MFA in place.
The force that would impact the trend of attack normalization would be the developments in security technologies. While attackers are benefiting from advancements in technology, security has benefitted as well. As attack frequency increases, improvements in email, network, and endpoint security have been stepping up to the plate to mitigate it. It is just unfortunate that attacks have become so frequent that advanced technology is required to secure data assets.
References
Abernathy, R., & McMillan, T. (2018). CISSP Cert Guide (3rd ed.). Pearson Education Inc.
EDUCAUSE. (2023). Horizon Report: Library Edition 2014-2017. EDUCAUSE Publications. https://library.educause.edu/-/media/files/library/2021/2/2021_horizon_report_infosec.pdf
Greene, K. (2013). This is Fine. Gunshow. http://gunshowcomic.com/648
O'Leary, D. E. (2019). What Phishing E-mails Reveal: An Exploratory Analysis of Phishing Attempts Using Text Analysis. Journal of Information Systems, 33(3), 285-307. https://doi.org/10.2308/isys-52481
