Les Bell

Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.

News Stories

Australia, New Zealand, Lag in MFA Adoption, Says Yubico

MFA vendor Yubi has published the results of their first State of Global Enterprise Authentication Survey, which garnered responses from over 16,000 employees in 8 countries: Australia, New Zealand, Singapore, the UK, the US, France, Germany and Sweden. And the results do not look good for A/NZ.

In Australia, 65% of employees still rely on username and password as the primary account authentication mechanism - higher than the global average of 59% (NZ is a little better, at 63%), leaving them exposed to basic phishing attacks. Worse still, Australians still rely heavily on SMS-based verification, at 38% of respondents, compared with the global figure of 33% (NZ: 31%). This is despite the fact that the use of SMS for verification was deprecated by NIST SP 800-63B over five years ago - a point I have been hammering in my teaching.

Australia is in line with global trends in the use of password managers, although NZ still lags a little. But we're behind again in the adoption of FIDO U2F security keys - while the global adoption rate is 20%, Australia lags at 15% and NZ at 13%. I can't help wondering if people are concerned about being denied access to systems if they don't have their keys to hand, or not being able to cope with some imagined complexity; in practice, it's not a problem - we turned on mandatory MFA, using U2F security keys, across two businesses some years ago and have had no problems other than one lost key (which was immediately revoked).

There are some other interesting statistics in the survey report, including some alarming data about user perceptions of what constitutes secure authentication.

And if you remain unconvinced about the dangers of phishing attacks, take a look at this recent video:

Yubico AB, State of Global Enterprise Authentication Survey: including exclusive data from Australia & New Zealand, survey report, March 2023. Available online at https://www.yubico.com/resource/state-of-global-enterprise-authentication-survey-australia-and-new-zealand/.

Microsoft Brings AI to Windows Security

Microsoft this week revealed its new OpenAI GPT-4-powered security analysis tool, called Security Copilot. The new product applies OpenAI's generative artificial intelligence and Microsoft's own security-specific language and data model to the data produced by the company's security products such as Microsoft Sentinel, Defender and Intune, allowing relatively untrained analysts to identify security incidents, obtain response instructions and even produce PowerPoint presentations which summarize an incident attack chain for management.

It's also possible to drag and drop files onto the product's prompt bar and ask questions, such as whether a dropped log file contains indications of a particular threat activity. Multiple queries can be collected into 'books' which can perform sequences of steps such as reverse-engineering malware and diagramming its operation. Results can also be shared within a team and saved to provide a record of, say, an incident response investigation.

The product is not fool-proof - in Microsoft's own demo it produces a spurious reference to 'Windows 9' - but it should prove near-irresistable to overworked enterprise SOC teams.

Microsoft Security, Introducing Microsoft Security Copilot, web page, 28 March 2023. Available online at https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot.

These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.