Every year, the researchers at the WatchGuard Threat Lab take a look at what they expect to see in the next 12 months. You can see their full list of predictions, including space hacking and more attacks on mobile phones, at WatchGuard's 2022 Cybersecurity Predictions.
One of the predictions is the rapid rise of Microsoft Windows password-less authentication; but the researchers warn that cyber criminals will be quick to find ways to bypass it. Instead, the Threat Lab believes that the growing cost of cyber insurance will drive the uptake of strong multi-factor authentication (MFA) for remote access, as insurers demand better cyber defences to reduce soaring premiums.
“While we commend the fact that Windows has gone password-less for digital validation, we also believe the continued focus on single-factor authentication for Windows logins simply repeats the mistakes from history,” says Corey Nachreiner, CSO at WatchGuard. Windows 10 and 11 will now allow you to set up completely password-less authentication, using options such as biometrics, hardware tokens, or an email with a one-time password (OTP), all of which have been compromised by researchers or cyber criminals.
“Microsoft could have truly solved the digital identity validation problem by making MFA mandatory and easy to use in Windows,” says Corey. Organisations should force users to pair two methods of authentication, such as biometrics or tokens with a push approval to your mobile phone sent over an encrypted channel.
But if Microsoft does not force companies to embrace MFA, the growing cyber insurance industry may do it instead. As cyber security insurers realise that the pay-out costs to cover ransomware threats have increased dramatically, they are not just demanding higher premiums but are also now actively scanning and auditing the security of clients before providing cover. In 2022, if you don’t have the proper protections in place, including MFA, you may not get the cyber insurance you need at the price you would like.
According to a report from S&P Global, cyber insurers’ loss ratio increased for the third consecutive year in 2020 by 25 points, or more than 72%. This resulted in premiums for stand-alone cyber insurance policies increasing 28.6% in 2020 to $1.62 billion USD.
You can see how last year’s predictions from the Threat Lab team turned out at: https://www.secplicity.org/2021/11/23/2021-security-predictions-grading/