We are thrilled to share the release of HYPR's fourth annual 2024 State of Passwordless Identity Assurance Report! Don't wait to dive into the latest trends shaping the identity security landscape. https://hubs.la/Q02xX_wC0 #cybersecurity #identitysecurity #passwordless
HYPR | The Identity Assurance Company
Computer and Network Security
New York, NY 17,374 followers
Creating Trust in the Identity Lifecycle as The Identity Assurance Company
About us
HYPR is on a mission to improve the lives of security-minded leaders, their employees and customers by helping organizations create trust in the identity lifecycle. HYPR provides the strongest end-to-end identity security, combining modern passwordless authentication with adaptive risk mitigation, automated identity verification and a simple, intuitive user experience. With a third-party validated ROI of 324%, HYPR easily integrates with existing identity and security tools and can be rapidly deployed at scale in the most complex environments.
- Website
-
https://www.hypr.com/
External link for HYPR | The Identity Assurance Company
- Industry
- Computer and Network Security
- Company size
- 51-200 employees
- Headquarters
- New York, NY
- Type
- Privately Held
- Founded
- 2014
- Specialties
- Cybersecurity, Mobile Security, Infrastrucure, Data Security, Security, Wireless, Privacy, SaaS, Software, Cloud, Enterprise, Authentication, Internet of Things, and Identity
Locations
Employees at HYPR | The Identity Assurance Company
Updates
-
78% of organizations were targeted by identity-related attacks last year. How is your organization adapting its security strategy? Join Bojan Simic and Ryan Rowcliffe as they discuss how multi-factor verification combats modern threats by making identity verification an intrinsic part of daily access flows. #authentication #identityverification #identitysecurity
Everything You Ever Wanted To Know About Multi-Factor Verification
www.linkedin.com
-
The attack on client accounts of cloud data giant Snowflake continues to have widespread impact. Today AT&T disclosed a massive data breach affecting approximately 110 million customers, involving call and text records. Like the data breaches announced by Ticketmaster and Santander, the data was stolen when cybercriminals exploited weak authentication practices on Snowflake accounts, allowing them to gain unauthorized access. Orchestrated by the group UNC5537, the attack exploited stolen credentials and inadequate security measures, highlighting the critical importance of robust identity and access management practices. While the stolen AT&T data did not include message content, it did include the phone numbers of both the AT&T customer and the party they were interacting with, as well as call and text counts and call duration. This makes the data a valuable tool for further social engineering attacks. Key Takeaways - MFA is No Longer Optional: Single-factor authentication should be a relic of the past. Snowflake has now made MFA mandatory for administrators, but this should be the norm across all user accounts. - Credential Hygiene is Crucial: Regular rotation of credentials and unique, complex passwords for each service can significantly reduce the risk of credential stuffing attacks. - Continuous Monitoring is Key: The ability to detect and respond to unusual activity quickly can make all the difference in mitigating the impact of a breach. Passkeys: The Path Forward The Snowflake breach presents an opportunity to advocate for more advanced authentication methods, such as passkeys based on the FIDO2 standard. Passkeys offer several advantages that could have potentially prevented or mitigated this incident: - Phishing-Resistant: Passkeys are bound to the legitimate website, making them resistant to phishing attacks. - No Shared Secrets: Passkeys eliminate the need for shared secrets, reducing the risk of credential theft. - Built-in MFA: Passkeys inherently provide multi-factor authentication, combining something you have (your device) with something you are (biometric verification). - Improved User Experience: Passkeys offer a seamless login experience, encouraging wider adoption of strong authentication methods. This incident underscores the importance of robust cybersecurity practices and proactive measures to protect sensitive data. Snowflake has since announced measures to help enforce multi-factor authentication on accounts, which is certainly a step in the right direction. However, the methods available are not phishing-resistant and can also be bypassed by a determined hacker. Share further thoughts and questions in the comments below! #cybersecurity #snowflake #AI #cyberattack FIDO Alliance
-
-
Bad actors are infiltrating organizations by social engineering the IT helpdesk. How? #identityverification #phishing #cyberattack
This content isn’t available here
Access this content and more in the LinkedIn app
-
Busy week at HYPR as we come together in NYC to collaborate, strategize and spend quality in-person time together. More to come throughout the week! #cybersecurity #identitysecurity #identityassurance
-
-
Passkeys aren't the problem - it's the the weaker fallback methods that are. Jeffrey Hickman, HYPR's Head of Solutions Engineering, offers a thoughtful response to a recent article on passkeys, providing clarity around their security and what factors contribute to weaknesses. #cybersecurity #passkeys #CIAM
Recently found an article online that felt a bit too "click-baity" about passkeys, one of my major pet-peeves. So I wrote a thing about it. #passkeys #fido #clickbait #passwordless
Passkeys aren't click-bait...
Jeffrey Hickman on LinkedIn
-
Trivia Thursday Takeover! Test your cybersecurity knowledge with our special-edition Independence Day trivia. #cybersecurity #cyberthreat #cyberattack
This content isn’t available here
Access this content and more in the LinkedIn app
-
Identity threats are evolving so rapidly that traditional security measures are no longer sufficient. From emerging generative-AI threats to the latest in passkey technology, HYPR Field CTO Ryan Rowcliffe sits down with Andrew Shikiar, Executive Director and CEO of the FIDO Alliance, to discuss insights from the latest State of Passwordless Identity Assurance report. In this engaging talk, Ryan and Andrew dive into the top identity security threats of 2024 and how organizations can stay ahead of them. Key topics include: - Current Identity Security Practices: Ryan and Andrew explore the strengths and weaknesses of existing security measures and how enterprises are adapting. - Top Causes of Breaches: Discover the primary vulnerabilities leading to breaches and the strategies to mitigate these risks effectively. - Generative-AI Threats: Learn about the evolving landscape of AI-driven threats and innovative ways to combat them. - Passkeys and Identity-First Security: Understand how to build a robust, identity-first security framework to protect your organization. Don't miss out — tune in today. Arm yourself with critical insights to enhance your security posture and safeguard your enterprise against the identity threats of tomorrow. Watch the recorded webinar now for an insider's look at the report's key findings: https://bit.ly/3zpgI6u #cybersecurity #identitysecurity #passwordless
What Are the Top Identity Threats in 2024? Insights From the Annual State of Passwordless IA Report
get.hypr.com
-
Change management is often the reason many identity projects seem to linger on forever or don't ever get started at all. Driving change across an entire user base is never trivial, especially when IAM teams are driving behavior change along with it. When it comes to MFA, many organizations have recently implemented it. Unfortunately, the vast majority of the time, they implemented the phishable kind. You know, the kind that uses OTP codes and PUSH notifications alongside passwords. These legacy methods of doing MFA have proven to be vulnerable to automated attacks and even when they are successful, hackers will go to the next weakest link in the chain, the IT help desk. By social engineering the IT help desk (usually some combination of KBA), they simply enroll a MFA credential as the target user and have almost unrestricted access to an environment. Today, IAM teams must be able to secure the identity chain throughout. Otherwise all the effort gone into change management is wasted. Here are three tips: 1. Make sure your MFA is phishing resistant, always. 2. Put in place controls to make sure your credential reset process is not vulnerable to social engineering. 3. Put in place a system to monitor identity risk and automatically respond to threats. Here at HYPR, we love a good meme. Enjoy Bojan Simic's Meme Monday, and his recommendations for IAM teams working through product evaluations and change management across large organizations. #cybersecurity #IAM #MFA
-