How can we stop this from happening again? Learn more at https://surf.security
Last Sunday, the South China Morning Post reported on a ‘first-of-its-kind’ theft involving an AI Deep Fake impersonation of the CFO of a multinational corporation.
Now other than beefing up its bonkers lax processes (it seems as if they were copying the security strategies of the first 2 little piggies from the famous fairy tale), or enforcing them more strictly; how could this situation have been avoided?
The SURF Enterprise Zero Trust BrowserTM .
You wouldn’t use consumer grade security in a bank, or any company. It’s not like CISO’s place their career’s in the hands of Microsoft Defender. But most do allow the use of Chrome, Edge, or Safari, as their company browser. Or worse, they allow any old browser, with a dizzying array of nefarious extensions.
Organisations using SURF as their enterprise browser can enforce policies that would make the above incident near-impossible by adding transactional MFA. (Nothing is actually impossible.)
SURF can enforce Single Sign-On (SSO) into company assets and services if you are using the SURF Browser. This can include Google Chats, Microsoft 365, Zoom, teams, GitHub, etc… And Surf can enforce Multi-Factor Authentication via authenticator apps or other methods.
Now if your Zoom account isn’t bound to Surf’s browser, a Zoom user can get bored of the MFA requirement, switch it off, and choose not to enforce it. Creating a potential way in for a breach.
But if your company policy is to login to Zoom using conditional access and SSO via the SURF browser; then you can force MFA 2-step verification via an authenticator. This would stop any method of logging in without the authenticator app which resides on your phone, which is in your pocket or purse, and secured via your biometrics.
It’s the literal policy-level incarnation of forcing you to authenticate via ‘something you have, something you know, and something you are’.
