1. Implementing Multi-Factor Authentication (MFA)
By requesting various forms of verification from users before granting access to a system or application, multi-factor authentication (MFA) enhances security during the authentication process.
Usually, this means combining something the user knows (such as a password or PIN) with something they possess (such as a smartphone or hardware token) or something they are (biometric information such as fingerprints or facial recognition).
Even if passwords are exposed due to phishing attacks or data breaches, enterprises can greatly lower the risk of unauthorised access to critical information and systems by using multi-factor authentication (MFA).
Source Internet Link: Digital Identity Guidelines: Authentication and Lifecycle Management (nist.gov), pages 16 to 38
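The following is an added example, not code from the original article or from the NIST guidance. It pairs a knowledge factor (a PBKDF2 password hash) with a possession factor (an RFC 6238 time-based one-time code, as generated by an authenticator app on a smartphone) and grants access only when both verify. The secret, salt, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo values (assumptions, not taken from the article).
TOTP_SECRET = b"12345678901234567890"   # key used by the RFC 6238 SHA-1 test vectors
PW_SALT = b"constructed-salt"
PW_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", PW_SALT, 100_000)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA-1) for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to tolerate clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * 30)
        # Compare as bytes in constant time; non-ASCII input simply fails to match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


def login(password: str, otp: str, unix_time: int) -> bool:
    """Grant access only when BOTH the password and the one-time code verify."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), PW_SALT, 100_000)
    knows = hmac.compare_digest(candidate, PW_HASH)
    has = verify_totp(TOTP_SECRET, otp, unix_time)
    return knows and has
```

A password obtained through phishing or a breach fails `login` without a current code, and a captured code stops working once its time window has passed.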
2. Implementing Network Segmentation and Least Privilege Access
To restrict an attacker’s ability to move laterally in the event of a security breach, a network can be segmented into smaller, isolated segments or zones.
Network segmentation and stringent access restrictions help organisations reduce the effect of cyberattacks, stop unwanted access to critical systems and data, and limit possible security issues.
Applying the principle of least privilege ensures that users and systems have only the minimal amount of access required to complete their duties, which lowers the danger of unauthorised access and limits the possible harm caused by compromised accounts or internal threats.
Source Internet Link: Guidelines for Securing Wireless Local Area Networks (WLANs) (nist.gov)