Happy Friday!
Yesterday's event was really special. It was an all-day Cybersecurity Conference at UH Manoa assembled by CyberHawaii and included speakers from CISA, the State of Hawaii, USIC, Homeland Security, Secret Service, Coast Guard, NCIS (yes, it's a real thing) and of course, the FBI.
The over-arching theme was that these agencies all felt that something was coming (it was even the subtitle for the event) and to help the public prepare for whatever IT is.
The 1 Big Takeaway: 2-Factor Authentication (2FA)
Let's talk about the elephant in the room: yes, having a text message or having to type a code off your phone every time you log in can be a pain. I get it.
Are there ways that hackers can circumvent 2FA to get into your account? Yes, such as impersonating a bank and calling the victim to social engineer them into giving them a code, taking over your cell phone (SIM swapping) or by purchasing a 2FA bypass kit off the Darkweb.
However, making sure that 2FA is enabled on every possible service you use does easily, cheaply and significantly improve your security posture and reduces your chance of being compromised by up to 99%.
The good news is that according to a recent report released by Okta, 64% of organizations with fewer than 300 employees have already implemented MFA across the board. Is it perfect? No. But it's more than half and if you have not reviewed your web services to ensure that 2FA is enforced on all of them, I highly recommend doing so, today.
It reminds me a quote used in one of the presentations yesterday:
“There are only two types of companies: Those that have been hacked and those that will be hacked.”
– Robert S. Mueller, III, former Director of the FBI
Stay safe out there.
-Attila
New Friday Funnies!
A funny picture generated by AI
(DALL-E):
"make me a picture of a cat drinking coffee while typing on a computer keyboard"