In its end of year look ahead, researchers at the WatchGuard Threat Lab predict that while Microsoft Windows password-less authentication will take off in 2022, cyber criminals will be quick to find ways to bypass it. Instead, the Threat Lab believes that the growing cost of cyber insurance will drive the uptake of strong multi-factor authentication (MFA) for remote access, as insurers demand better cyber defences to reduce soaring premiums.
“While we commend the fact that Windows has gone password-less for digital validation, we also believe the continued focus on single-factor authentication for Windows logins simply repeats the mistakes from history,” says Corey Nachreiner, CSO at WatchGuard Technologies. Windows 10 and 11 will now allow you to set up completely password-less authentication, using options such as biometrics, hardware tokens, or an email with a one-time password (OTP), all of which have been compromised by researchers or cyber criminals.
“Microsoft could have truly solved the digital identity validation problem by making MFA mandatory and easy to use in Windows,” says Nachreiner. “Organisations should force users to pair two methods of authentication, such as biometrics or tokens with a push approval to your mobile phone sent over an encrypted channel.”
But if Microsoft does not force companies to embrace MFA, WatchGuard believes that the growing cyber insurance industry may do it instead. As cyber security insurers realise that the pay-out costs to cover ransomware threats have increased dramatically, they are not just demanding higher premiums but also actively scanning and auditing the security of clients before providing cover.
“In 2022, if you don’t have the proper protections in place, including MFA, you may not get the cyber insurance you need at the price you would like,” says Corey Nachreiner.
According to a report from S&P Global, cyber insurers’ loss ratio increased for the third consecutive year in 2020 by 25 points or more than 72%. As a result, premiums for stand-alone cyber insurance policies increased 28.6% in 2020 to $1.62 billion USD.
For more information and the full set of WatchGuard Threat Lab predictions including videos, go to: WatchGuard's 2022 Cybersecurity Predictions
And to see how last year’s predictions turned out, go to: https://www.secplicity.org/2021/11/23/2021-security-predictions-grading/