Most cybersecurity projects in banks are driven by one thing – URGENCY. New technology is introduced usually because something has happened. Best case scenario – new regulations. Worst case scenario – an attack. Secfense together with BNP Paribas bank showed a transition to passwordless during Finovate London 2022 and in this article we will tell a little bit more about it.
In the case of BNP Paribas bank, it was the first one. Internal regulations related to the NIST cybersecurity framework. The bank had to introduce multi-factor authentication on all critical systems. The deadline was short and there were over 100 applications to protect. During Finovate 2022 bank representatives Patrycja Karwat and Bartosz Miazga, cybersecurity specialists from BNP Paribas Poland together with Antoni Sikora, head of growth from Secfense showed a demo on how the bank rapidly introduced Multi-Factor Authentication (MFA) across the entire organization.
Secfense and BNP Paribas bank on Finovate 2022
The team focused their presentation on three things:
- speed of the deployment
- no integration costs
- comfort to the end-users
Secfense started to work with BNP Paribas bank in 2021 with the goal of rapid deployment of multi-factor authentication on all critical systems. During Finovate, we showed how to achieve such a goal.
Why should MFA be introduced across entire organizations?
Like most organizations, the bank had some applications protected only with passwords. The bank was aware of the risks related to that and was ready to change that. 81% of attacks result from stolen or weak passwords. 63% of successful attacks come from internal sources, and 33% involve social engineering. These types of attacks can be completely eradicated by removing passwords.
The demo presented on Finovate was exactly how the real live deployment of the User Access Security Broker (UASB) looks like. It’s super easy, takes only a few minutes, and can be automated. The time and money that can be saved when deploying every technology like this simply cannot be underestimated. No coding, no need to hire software developers. Just a few configuration steps and that’s it.
Broker Learning Stage
The learning stage is the part of the process when ‘the magic‘ happens. This is a moment when UASB learns login patterns. This knowledge will later be used in order to trigger strong authentication mechanisms.
The learning stage takes just a few seconds and when it’s over the acquired patterns are switched on and from this moment the administrator can add any MFA to the application. It’s that easy and that simple.
The admin can now decide what authentication method should be added. These can be one-time codes if that’s the company policy and preference. However, this method is not recommended by Secfense. We recommend moving to FIDO2 authentication which is an open web authentication standard that allows users to authenticate without codes or passwords and use biometric authentication instead, like fingerprint scan or face recognition.
There are operating systems that enable securing workstations with strong FIDO2-based authentication. This is, for example, Windows Hello, a system that allows you to log in to your workstation without a password and to authenticate using biometrics. Thanks to the Secfense User Access Security Broker, BNP Paribas bank, which has already used Windows Hello, could leverage this authentication method and apply it not only to workstations but many other office applications.
With Secfense User Access Security Broker, you can eliminate the risk of phishing in less than 2 minutes. This is not just an empty marketing slogan – the demo made on Finovate shows how it can be done.
The great thing is that every organization can use these methods too. Every company can start using the strongest and safest standard available on the market because it’s open and free to use. You can even do it without Secfense. If you own a handful of apps you can hire your own software developers that will redesign your apps to work with this standard. You can talk to us and we will advise you on the best way to do so.
When Secfense User Access Security Broker comes in handy?
When there are hundreds of applications and systems to protect. When there are thousands of users connecting every day to their office apps. When there are applications and systems build within years using different technologies. In this case, Secfense can be a great idea.
What else Secfense broker can get you?
You can add extra protection with microauthorizations which add extra layers of authentication if necessary or with full site protection which creates a distinction between trusted and untrusted networks. There are tons of possibilities and it all depends on you and your company’s preferences.
There are plenty of good arguments to move away from passwords. According to Gartner, 20% to 50% of all helpdesk calls are password resets and the average cost of one password reset is around $70. With Secfense, you can take passwords away from your employees and replace these passwords with a much stronger, more convenient, and cost-effective alternative.
Introducing MFA wherever possible is really important. But even more important is HOW it’s done. In the case of BNP Paribas bank it was:
- a non-invasive way
- zero integration costs
- no burden to end-users
If there’s one thought we could leave you with it would be:
It is possible to launch and scale strong authentication within the entire organization. No matter how big and complex the organization is.
If you’d like to learn more about:
- phishing-resistant, open web authentication standard called FIDO2
- benefits of passwordless authentication
- types and use cases of biometric authentication
- microauthorizations that give an extra layer to application security
- full site protection that makes a distinction between secure and insecure networks
Just click the links above. And if you’d like to talk to our consultant you can contact us and ask us a question here. We will tell you if User Access Security Broker is the right fit for you and if it’s not we will point you to the best alternative to go with.
