Today’s phishing e-mails are barely recognizable as such and are the perfect way for attackers to gain access to businesses’ IT infrastructures. Attackers are also increasingly exploiting MFA solutions for this purpose. With the solution developed by EBF’s new partner, IDEE GmbH, businesses, municipalities, and organizations can prevent phishing attacks and offer employees simple and secure access to company resources using MFA – without the need for a second device. Does that sound impossible? It’s not. Read this blog article to find out why.
The threat level in Germany’s cyberspace is higher than ever before – according to the BSI’s 2023 report on “The State of IT Security in Germany”. Phishing attacks – which are used by attackers to gain access to IT systems in businesses, government institutions, and organizations – are one relevant type of threat.
The basics of cybersecurity
Protection against such attacks is crucial and should be a top priority for every IT department. There are three key pillars to focus on:
Employee training
Companies must continue to raise awareness of cybersecurity and methods of attack among their employees and provide them with training so they can recognize phishing attempts as such and ensure they are not susceptible to attack.
Tools and technologies for prevention
Technologies such as mobile threat defense solutions, virus scanners, and tools for securing external access through multi-factor authentication and VPNs help to reduce gateways.
Preparing for an emergency
Every company and every organization needs an emergency plan – including manuals and guidelines that precisely define who must do what, when, and how. Regularly monitoring data traffic helps quickly identify intruders who are seeking to penetrate an organization’s systems. It is also essential to perform regular offline backups of the company’s most critical data to ensure it can be restored quickly.
Preventing phishing attacks
EBF’s new partner, IDEE GmbH, provides support for the second pillar and is committed to making digital identities and access methods more secure. This is precisely where multi-factor authentication comes in. However, in its most common usage scenarios, it fails to effectively protect against attacks, complicates login processes, and cannot always be implemented if employees do not have access to a second device. AuthN by IDEE is a solution that enables businesses to avoid these issues and eliminate the vulnerabilities caused by multi-factor authentication methods to enable login processes that are both simple and secure.
What is AuthN by IDEE and how does it work?
AuthN by IDEE enables multi-factor authentication (MFA) without the need to enter a password or token or use a second device.
The solution relies on the Trusted Platform Module (TPM) chip, which is located in the devices, in conjunction with public key cryptography. The first factor (cryptographic key) is created and stored securely on the TPM of the user’s device. This key can only be used once users have been verified with the second factor using a fingerprint, FaceID, or a PIN – a password is not required. This means that only trusted users with a trusted device can log in to a trusted platform or system, thus making it impossible for cybercriminals to commandeer accounts and gain unauthorized access – because they can no longer enter a stolen password, for example.
We’re thrilled with our partnership with IDEE and the fact that their innovative solution ideally complements our IT security portfolio.
AuthN by IDEE allows businesses and organizations to prevent phishing attacks and offer their employees secure ways to authenticate themselves and access systems. This is the way to implement MFA without a second device!
Markus Adolph
EBF founder and managing partner
Which businesses can benefit from the solution?
In general, AuthN by IDEE is the right fit for any company that is committed to secure, user-friendly processes. Its innovative technology makes tokens or additional devices for authentication, like smartphones, obsolete, which translates into considerable savings and reduced logistical effort. That’s what makes the solution so attractive for companies and organizations that cannot or would prefer not to roll out business smartphones for all their employees. Deployment is also quick and seamless, and it doesn’t tie up a lot of IT resources.
Deploying and operating AuthN by IDEE with EBF
As an IDEE GmbH managed service provider (MSP), EBF is proud of its workplace experts, who understand AuthN by IDEE in detail. We’re happy to answer any questions you may have regarding how to use the solution. We can also help you implement it and provide you with support and managed services. Don’t hesitate to contact us!
Phishing – the danger is real
Phishing attacks take place every day – and target both our sensitive personal and business data. Most phishing attacks are carried out via e-mail. However, attackers are also becoming more sophisticated and increasingly diversifying their methods of attack, which has led to a rise in phishing activities via text messages, social media, and voice calls, as summarized in the BSI’s 2023 report on “The State of IT Security in Germany”. Phishing, a neologism combining “password” and “fishing”, is aimed at acquiring authentication data, such as passwords, from users. This data can then grant unauthorized access to company IT networks, among other secure systems. Attackers send e-mails asking users to enter their data on fake websites.
The flood of phishing e-mails continues to rise. To make matters worse, the quality of the e-mails sent by attackers continues to improve (not least thanks to modern technologies such as AI) – making it increasingly difficult for users to recognize these e-mails as threats. In the past, detecting phishing e-mails was relatively easy due to the many typos and grammatical errors they contained. This is no longer the case today. Moreover, there are now countless phishing-as-a-service providers (PhaaS) that provide services to help hackers carry out successful attacks.
