Empowering women in tech: success stories

 
The tech industry faces a talent shortage, with an estimated 85 million unfilled positions by 2030. One contributing factor is the underrepresentation of women, who currently comprise only 22% of Europe’s tech workforce and 34.4% of the largest US tech companies. However, at Nord Security, we’re happy to be above the industry standard, with nearly 40% of our colleagues being women. Meet four exceptional women in our community – Toma Jonuškaitė, Rima Miselytė, Gintarė Kučiauskienė, and Sigita Jurkynaitė – who are making significant contributions to the industry and shaping our cyber future.

The myth-busting truth about women in tech

Tech – not just for men

In the 1840s, Ada Lovelace, a mathematician and writer, drafted the first computer algorithm, unknowingly paving the way for the future of technology. Recognized as the world’s first computer programmer, she shattered stereotypes and demonstrated that women can excel in tech alongside men.

Despite their proven capability in tech, not all see themselves fitting into this male-dominated industry.

“Our NordSwitch program is a prime example,” she says. “Out of 600 applicants, we selected 21. Surprisingly, even 13 of them were women making bold career switches. One shifted from being a professional harpist to an Engineer, and another transitioned from teaching English in South Korea and Lithuania to becoming a Junior Data Engineer.”

Although women are still heavily underrepresented in the tech industry, a wave of change is happening. Deloitte’s findings reveal that from 2019 to 2022, women’s participation in tech saw an 11.7% surge in technical roles. The rise in women in leadership roles is even more encouraging, soaring by nearly 20%. This trend signals a brighter and more inclusive future for tech, inspiring more women to join and thrive in this dynamic field.

Tech is not (all) rocket science

Tech jobs, including cybersecurity, are challenging due to the rapidly evolving nature of the industry and the complexity of the systems involved. However, the difficulty varies depending on personal aptitude and interests.

Gintarė Kučiauskienė, a champion for diversity at Nord Security, holds the role of Product Owner at our flagship service, NordVPN. Though her position is technical, Gintarė explains that with foundational tech knowledge, strong analytical thinking, problem-solving, time management, and communication skills, the Product Owner role is well-suited to women who want to thrive in tech.

As a Product Owner, her responsibilities involve overseeing team deliverables and ensuring the product’s quality, monitoring user engagement and satisfaction, and compliance with legal standards. Additionally, she inspects the product for vulnerabilities or security flaws.

Summarizing her experience, Gintarė emphasizes her role’s complexity and demands: “The PO role indeed requires juggling many tasks simultaneously, but with a bit of knowledge in the field, it’s manageable. Although we develop techy stuff at Nord Security, it’s not NASA, and we’re not building a rocket. If I can thrive here, any woman can,” she encourages.

Rima Miselytė, Solutions Architect at NordPass and NordLocker, also supports the statement, saying that it’s just a stereotype that tech is complex and advanced.

As a Solutions Architect, she assists engineering teams in discussing, analyzing, and building more scalable and robust solutions for NordPass and NordLocker products. She plays a key role in driving the products’ major initiatives, empowering teams to develop their solutions by providing guidelines and reference architecture.

“The role requires understanding both technical capabilities and business needs and concerns to provide the technical guidelines. You need to be flexible, adaptive, and truly creative here. It’s an excellent role for engaging and communicating with everyone across the organization to design and build solutions as a team. All these aspects are what I enjoy the most about my role,” shares Rima Miselytė.

These are just a few examples of the roles in which women can truly excel in tech. Discover more opportunities at Nord Security.

Tech for non-techies

The truth is that you don’t necessarily need to be technical to work in tech. A study from Glassdoor found that 43% of roles advertised by tech companies were non-technical.

Gintarė Kučiauskienė, Product Owner at NordVPN, expands on this idea:

Toma Jonuškaitė is one such example, holding an Employer Brand Manager role at Nord Security. She’s one of the key people shaping and promoting the company’s image as a desirable place to work. Despite not having a technical background, her career path has always been intertwined with it:

“I started my career as a business journalist, focusing on tech and automotive sectors (e.g., doing new car test drives). Later on, I switched to communications, public relations, and marketing. My experiences spanned from managing events in the gaming industry, including international conferences like Gamescom and GDC, to launching innovative products across the Baltics tobacco industry.”

There are way more roles for women looking to make their mark in the tech industry without needing deep tech knowledge, from sales, legal, and administration to design, marketing, risk, and more.

In addition, numerous strategic roles demand not just a grasp of technology but also a strong set of interpersonal skills. Our Information Security Manager, Sigita Jurkynaitė, underscores the importance of communication and teamwork.

“I work closely with diverse teams to maintain the highest international security standards. This role heavily involves maintaining info security documentation and refining processes. While these tasks may appear mundane, they are crucial for ensuring that what’s on paper works well in reality. This involves effective communication with colleagues across various departments, from HR and software development to communications and IT administration, ensuring our strategies are successfully implemented. This role gives me a unique chance to deeply understand our company and drive meaningful improvements in our security posture.”

Sigita also highlights that her position allows room for creativity, particularly in designing security awareness and training initiatives. “I love that I can let my imagination run wild, developing engaging and original content that strengthens our security culture.”

In essence, the tech industry offers a place for everyone, man and woman, with technical backgrounds or without, to innovate, create, and make a lasting impact in the industry.

Women powering the tech industry forward

The tech industry’s vast job opportunities and attractive pay packages are compelling reasons for women to explore careers in IT. Beyond these advantages, women’s involvement significantly propels the industry forward.

  1. Bridging the talent gap

     

    With cybersecurity alone reporting more than 36,000 open positions in the public sector and more than 700,000 available jobs in the private sector globally, the tech industry faces a pronounced talent shortage. “We’re facing a huge gender gap in technology, and one of the reasons why – is that the importance of inclusion is often overlooked,” emphasizes Sigita Jurkynaitė, Information Security Manager. She underscores that embracing diversity is crucial in seeking to close this gap.

    According to McKinsey research, that could become a reality. If Europe could achieve a 45% female workforce in the tech sector by 2027, it could bridge the talent shortage and potentially increase European GDP by up to €600 billion.

     

  2. Driving innovation

     

    Diverse teams are proven to be more innovative, reveals the Harvard Business Review study.

     

    Rima Miselytė, a Solutions Architect at NordPass Engineering, highlights the value of women in engineering, coding, and cybersecurity in crafting better solutions and software. Gintarė Kučiauskienė from NordVPN adds that products designed by diverse teams are more capable of addressing the varied pain points of a broad demographic, including users with special needs, underscoring the tangible benefits of diversity in creating universally accessible technology.

     

  3. Boosting performance

     

    Increased innovation creates growth in revenue and performance. Research from McKinsey found that, on average, organizations that prioritized gender diversity in their executive teams outperformed their competitors by 20% in terms of profitability.

     

  4. Enhancing talent attraction and retention

     

    Organizations fostering inclusive culture find it easier to recruit a more diverse staff. As a result, they have a 22% lower turnover rate, finds Deloitte. Additionally, women in executive roles are more likely to hire other women, enhancing the visibility of females in tech positions and inspiring their peers to pursue similar paths.

     

    Rima Miselytė, Solutions Architect at NordPass, agrees with this, saying that her colleagues in tech had a huge impact on her career:

“I’ve been lucky enough to have teammates who taught me confidence in my abilities and helped me to find my way in the tech industry (even if that forced me to get out of my comfort zone). At Nord Security, we also have plenty of successful women at all levels, from dedicated employees to great leaders, who actively lead and help grow by their determination and passion.”

How to get into tech?

Aside from those who have completed four-year degrees in IT, there are other pathways you can take when changing careers and getting into tech. To help you get there, we have listed some of the ways you can explore:

  1. Identify your desired tech role

    Dedicate time to exploring and comprehending the various roles within the tech industry. If a particular career sparks your excitement or passion, prepare to put in the effort. “Be curious, open-minded, and willing to learn from others,” advises Rima Miselytė, Solutions Architect at NordPass.

     

  2. Find out the needed skills

    Our Information Security Manager, Sigita Jurkynaitė, suggests beginning with finding the skills that are necessary for your desired role. They can be transferable (a core set of skills and abilities that go beyond a particular role) and specific, non-transferable skills unique to a domain. Typically, they’re outlined in job ads.

    For those eyeing a career in information security, Sigita outlines a skills matrix useful for the field:

  3. Gain knowledge and practice

    As mentioned above, it’s not necessary to have a degree in IT. There are many other paths that help “new-collar workers” (skilled employees with a nontraditional education) gain skills and excel in their desired positions. You can join IT schools, but you can also participate in boot camps, online learning, open-source projects, reskilling, mentorship programs, and more.

     

    For those seeking to dive into the information security field, Sigita Jurkynaitė suggests exploring the tech career pathways, which list all the courses and certifications needed to gain the necessary knowledge.

     

    To help you gain job-ready skills, you can join internships or reskilling programs, like the one we just announced at Nord Security – NordSwitch, which is designed for people dreaming of switching careers to tech.

     

    This year, we’re seeking individuals – both women and men – keen on pivoting to roles in InfoSecurity, Data Analytics/Science, SysAdmin/SRE/DevOps, C++, GO, SWIFT, Android/Kotlin, Risk, Conversion Rate Optimization (CRO), and Sales Development (SDR).

     

    Applications are open until April 15. Selected candidates will get a 6-month paid internship contract, work together with our expert teams, and, in some cases, receive a permanent work contract.

  4. Build your network

     

    Entering the tech world is all about making the right connections. In fact, experts suggest at least 80% of all jobs are filled through a personal and professional network.

    Attending meetups and conferences is an excellent strategy to put yourself on the map. If you’re based in Lithuania, explore our cybersecurity meetups – NordCamp.

     

  5. Start job hunting

     

    When you’re ready to find your place in tech, use every available resource to enhance your job search and increase your chances of landing a role that suits you perfectly. Follow your dream company’s websites and social media channels. Extend your search to platforms like LinkedIn, Glassdoor, and GitHub to discover open positions.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Beyond Cyber Essentials: A Look into Diverse Cybersecurity Standards

Ransomware payments last year exceeded $1 billion, a trend projected to persist this year as a significant cybersecurity threat for all types of businesses, with reports that 69% of SMBs are unprepared to deal with the next cyberattack. However, many seek to meet global standards that assist them in strengthening their cybersecurity posture, defending against ransomware and other cybersecurity threats, and opening up new business opportunities. One such standard is the Cyber Essentials.

The 5 Security Controls of Cyber Essentials 

Cyber Essentials, launched in 2014 as a UK-based standard for cybersecurity controls and practices, was initiated by the National Cyber Security Centre (NCSC). Similar to many other cybersecurity standards, it helps businesses identify which clients are using effective cybersecurity practices and implementing proper data security. This, in turn, facilitates new business relationships, including those with the UK government. The Cyber Essentials includes five different security controls that are meant to defend against 80% of cybersecurity attacks. 

They include:

  • Firewalls and routers. Check anti-virus software and internet gateways routinely to prevent the use of default passwords and unauthenticated access. Remove permissions once they are no longer needed. Approve and document all rules for firewalls together with both an approved individual and the organization. 
  • Patch management. Ensure all software is licensed, supported, and patched within 14 days of an update release. Routinely fix vulnerabilities scored as “high” or “critical.” All vulnerabilities with a CVSS v3 score of “7” should also list the fixes.
  • Malware protection. Keep software up-to-date and configured to scan files when accessed. Web pages should also be scanned automatically when accessed through a web server, and connections to malicious software sites should be prevented.  
  • Access control. Protect against malicious attackers gaining access to systems and networks by only allowing authorized individuals to access accounts. Use a combination of authorization and authentication methods to accomplish this. 
  • Secure configuration. Misconfigurations are one of the most common sources of data breaches. Ensure your services and networks are properly configured to reduce the number of vulnerabilities malicious threat actors can potentially exploit.  

5 Alternative Cybersecurity Frameworks and Standards

While there may be some overlap between the Cyber Essentials and other cybersecurity standards, each 

  • ISO 27001. An international standard formally adopted in 2005 by the International Organization for Standardization (ISO). Its goal is to facilitate the effective implementation, use, and improvement of information security management systems (ISMS) within a business and its third parties.
  • NIST Cybersecurity Framework (CSF). Initiated by Obama in 2014 to improve the cyber resilience of critical infrastructure, it is now the most common set of voluntary standards adopted by businesses. It provides all businesses with a simple set of steps to execute to strengthen their cyber resilience. 
  • PCI DSS. A cybersecurity standard for businesses who transmit, store or generate data related to credit and debit card payments. Its goal is to protect consumers against fraud and data theft. 
  • GDPR. A regulation focusing on the data privacy of customers in the European Union or businesses who process customers’ data in the European Union. 
  • HIPAA. Developed in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is a U.S. regulation aimed at protecting patient health information (PHI). 

Evaluating the Effectiveness of Alternative Cybersecurity Frameworks

The Cyber Essentials were developed with a specific use case in mind, one in which an attacker uses publicly available tools and techniques to launch security attacks. Although it broadly covers the five security controls mentioned, it may not be comprehensive enough for businesses in specific industries with specific compliance requirements and complex IT environments that encounter evolving cybersecurity risks. On the other hand, its broad scope makes it easier to implement for businesses of all sizes across industries.

Alternative cybersecurity standards and frameworks such as ISO 27001, PCI DSS, NIST CSF, and HIPAA have detailed guidelines for improving cybersecurity posture and protecting sensitive information according to their industries. While they are comprehensive and effective, they are limited in scope and can be harder to implement in larger organizations that have detailed requirements. Noted exceptions are the NIST CSF, which is adaptable and flexible for businesses in different industries but also consumes resources when implemented in larger organizations. The GDPR is also an effective regulation but can be difficult to implement due to its broad scope. It also focuses on legal aspects of data privacy rather than data protection. 

The Perfect Combination of Cybersecurity Standards 

Businesses that seek to replace the Cyber Essentials with an alternative cybersecurity framework must first evaluate whether or not it also covers these five security controls and has UK accreditation. Any additional framework should also require evidence that it tests against these controls or assesses the overall outcome (e.g., to manage the risk of an internet attack). 

Implementing alternative standards that complement the Cyber Essentials rather than replacing it can give your business additional recognition as a company that has a strong cybersecurity posture and implements best practices. However, implementing multiple regulations can also drain resources and be challenging depending on the requirements. Before adopting an additional cybersecurity framework, a business should ask itself which security threat it is trying to defend against. They should then explore which combination of standards might be the most relevant in defending against those threats. 

How Guardz Protects MSP Client Data 

As ransomware and other looming cybersecurity attacks increase against businesses, governments may develop stricter cybersecurity regulations and standards. Although businesses should continue staying informed of different types of compliance, they need a multi-layered approach and solution to these evolving threats in parallel. Guardz enables MSPs to streamline cybersecurity by automating detection and response across user data, devices, emails, and cloud directories from a single pane of glass.

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.

Guardz Raises the Bar with More Feature Advancements

At Guardz, we are committed to staying ahead of the curve and continuously improving our platform to provide your clients with the most robust protection against evolving cyber threats. 

From advanced ransomware detection to streamlined email security management and customizable phishing campaign content, our latest updates are designed to elevate your client security posture and ensure you’re equipped to tackle even the most sophisticated cyber threats. 

Ransomware Early Detection & Response

Endpoint Security at Guardz has taken a great leap forward with the latest Early Ransomware Detection and Response capabilities.

  1. The new File Integrity Check is a feature that installs and monitors a “bait” file on the device and triggers an issue as soon as the file is edited or modified in any way (including encryption). This serves as an indication of ransomware or other malware tampering with files.
  2. As a strong response to this and other threat detections, Device Isolation can be initiated to disable all the network connections on the endpoint and actively prevent the flow of packets to/from the device. These new capabilities can be found in the Device Details drawer as well as in the relevant issues.
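The bait-file idea described above can be sketched as follows. This is an added example, not Guardz code: the decoy content, the entropy threshold, and the function names are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Constructed decoy content: plausible-looking, low-entropy text.
BAIT_CONTENT = b"Payroll export 2024 - finance team only\n" * 64
# Assumed cut-off in bits per byte; encrypted data sits close to 8.0.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def deploy_bait(path: str) -> dict:
    """Write the decoy file and return the baseline to compare against later."""
    with open(path, "wb") as fh:
        fh.write(BAIT_CONTENT)
    return {"sha256": hashlib.sha256(BAIT_CONTENT).hexdigest(), "size": len(BAIT_CONTENT)}


def check_bait(path: str, baseline: dict) -> list:
    """Return findings for the bait file; an empty list means it is untouched."""
    if not os.path.exists(path):
        # Deleted or renamed (ransomware often appends a new extension).
        return ["missing"]
    with open(path, "rb") as fh:
        data = fh.read()
    findings = []
    if hashlib.sha256(data).hexdigest() != baseline["sha256"]:
        findings.append("modified")
        # Near-random content is a stronger hint of encryption than an edit.
        if shannon_entropy(data) >= ENTROPY_THRESHOLD:
            findings.append("high-entropy")
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        bait = os.path.join(workdir, "payroll_2024.csv")
        baseline = deploy_bait(bait)
        print("clean:", check_bait(bait, baseline))
        with open(bait, "wb") as fh:
            fh.write(os.urandom(4096))  # stand-in for an encrypted overwrite
        print("after overwrite:", check_bait(bait, baseline))
```

A real agent would react to file-system events rather than poll, and would hand a finding to the response step (such as the device isolation described in item 2).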

Email Threshold Enhancements


Improving the effectiveness and manageability of email security is a key focus in the Guardz platform. To this end, we are introducing a simplified approach to email thresholds (High, Medium, and Low), allowing admins to select the appropriate action for each level of risk.

These enhancements replace the old email scale and allow admins to confidently and transparently apply caution banners and quarantine.
The 3-level approach enables proactive protection while minimizing disruptions to email security workflows.

Customize Phishing Campaign Content



Due to popular demand, it is now possible to edit the content, subject and title of phishing simulation campaigns. The content will remain AI-generated but will allow admins to make necessary tweaks without regenerating the whole email.

Key Benefits:

  • Tailored Messaging: Customize email content to better suit your organization’s tone and style.
  • Enhanced Engagement: Craft compelling subject lines and titles to increase reliability.
  • Improved Effectiveness: Fine-tune phishing campaign emails to resonate more effectively with employees, maximizing the impact of your security awareness.

Take control of your phishing simulations and personalize your campaigns for optimal results.

Coming Soon

  • Windows Server Support – Beta

    Expanding on our device agent enhancements, we’re excited to announce that support for Windows Servers has now entered beta.
    It is now possible to ensure comprehensive endpoint security across a broader range of organization devices.

    The Windows Server agent supports the following versions: 2016, 2019 and 2022

    If you would like to join our beta, feel free to reach out via email or chat!
  • New Report: Security Business Review

    The Guardz ROI report has been a popular way for MSPs to communicate security risks to their customers while also showing the value they bring.  This redesigned “ROI Report” is a comprehensive approach to provide end customers with a clear and concise overview of their security posture on a monthly or quarterly basis.

    Key Features:
    • Summarized Data: The Security Business Review Report offers summarized data on the security-related activities managed through Guardz. From threat detection to risky users, you’ll get a holistic view of the organization’s security landscape.
    • Comparison with Previous Period: Gain insights into your security progress over time by comparing current results with those from previous periods. Identify trends, track improvements, and make data-driven decisions to enhance security posture.
    • Behavioral Analysis: Understand how your customer behaves from a security standpoint. The report provides valuable insights into user behavior, system vulnerabilities, and potential risks, empowering stakeholders to proactively address security challenges.

We can’t wait for you to experience the newest updates! Keep your eyes peeled for more to come!

Why MFA Isn’t Going to Save You

Think multi-factor authentication (MFA) is iron-clad protection against a data breach? Think again. Hackers are increasingly coming up with clever ways to bypass MFA, from social engineering to elaborate man-in-the-middle attacks. Here are some of the ways bad actors exploit MFAs:

One-Time Passcodes

The worst form of two-factor authentication is the one-time passcode (OTP). Not only are the passcode text messages annoying, but they are also not very secure.

SIM Swapping

Even if your phone never leaves your pocket, hackers can take control of your entire digital life through a technique known as SIM swapping. A Subscriber Identity Module (SIM) is a little card from your phone carrier that stores the information your phone needs to connect to the correct cellular network and pick up your phone number, along with other information that identifies it. Nowadays most smartphones use eSIM, which is a digital version of what used to be a physical card. Since it’s now all electronic, all you need to do to change things around is call your cellphone provider. If a hacker gets enough information about you – often through a phishing text message, or just scraping social media – they can call your carrier and change your number to their phone. All OTPs will then go to their phone instead of yours, letting them reset accounts and gain access to even more information. Think this is unlikely? The former CEO of Twitter begs to differ.

Provider outage

On February 22nd, 2024, US cell provider AT&T suffered an outage impacting 74,000 subscribers for approximately 12 hours, starting at 3:30am ET. Beyond just a frustrating inconvenience, if you use SMS one-time passcodes for MFA, you were not able to receive messages for the majority of the workday. Unfortunately, AT&T is not the only carrier to have issues – Verizon customers also reported widespread connectivity issues for at least 4 hours on January 26th, 2024. T-Mobile users were lucky this go-round, but maybe that’s because they had their turn in February of 2023.

SMISHING

This is a silly word for a serious problem: phishing via SMS. Text messages are easy to fake. If your employees are used to getting authentication messages via SMS, it’s that much more likely that they’ll click on a bad link in a moment of carelessness. It happened to Activision in 2022; several employees got fake text messages, and only one person fell for the scam, but that was enough. The victim, in this case, happened to be part of HR, which gave the hackers access to quite a bit of data.

Passcodes Are Not Randomly Generated

You probably haven’t given much thought to how one-time passcodes are generated, but there is a vague assumption that when a request is made, some server farm somewhere generates a random number and sends it out to you, and then deletes it after you successfully log in. That makes sense, but you’d be wrong. The codes are, in fact, stored in a database. YX International, a company that serves OTPs for multiple big-name companies like Facebook and Google, discovered this database was left wide open for anyone to access. Thankfully, it was found by a security researcher who alerted the company. Next time, it may be someone with significantly less altruistic motives.

We’ve established that OTPs have got to go. Maybe authenticator apps are the solution? They are more secure, they solve many of the issues above like carrier outages and stolen phone numbers, plus phones are protected with biometrics so hackers will need to physically take the phone to do any damage, but they aren’t as safe as you may think.

MFA Fatigue

When you use an authenticator app, signing in often prompts a push notification to approve or deny access. Hackers will bypass this issue by spamming your device with repeated push notifications in the hopes that you’ll approve, either to make it go away, or by accident (we’ve all clicked “Next” when we meant to hit “Cancel” after all). Cisco was hacked using this method after an employee’s Gmail account was compromised. Sometimes there is a social engineering component – as was the case when Uber was hacked in 2022. The hacker contacted the owner of the compromised account, pretended to be from Uber’s IT department, and asked them to approve the notification.
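On the defender's side, the push-spam pattern described above shows up clearly in authentication logs. The following detection sketch is an added example, not taken from the original article: the event names, the log layout, and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_PROMPTS = 5                 # assumed threshold: prompts per window before alerting

# Constructed sample events: (ISO timestamp, user, event type).
SAMPLE_EVENTS = [
    # alice: ordinary login, one prompt, approved.
    ("2024-03-01T09:00:00", "alice", "push_sent"),
    ("2024-03-01T09:00:06", "alice", "push_approved"),
    # bob: burst of prompts at night, one denied, finally approved.
    ("2024-03-01T02:14:00", "bob", "push_sent"),
    ("2024-03-01T02:14:20", "bob", "push_denied"),
    ("2024-03-01T02:14:40", "bob", "push_sent"),
    ("2024-03-01T02:15:10", "bob", "push_sent"),
    ("2024-03-01T02:15:45", "bob", "push_sent"),
    ("2024-03-01T02:16:30", "bob", "push_sent"),
    ("2024-03-01T02:17:05", "bob", "push_sent"),
    ("2024-03-01T02:17:12", "bob", "push_approved"),
    # carol: five unanswered prompts, but spread over hours.
    ("2024-03-01T08:30:00", "carol", "push_sent"),
    ("2024-03-01T09:30:00", "carol", "push_sent"),
    ("2024-03-01T10:30:00", "carol", "push_sent"),
    ("2024-03-01T11:30:00", "carol", "push_sent"),
    ("2024-03-01T12:30:00", "carol", "push_sent"),
]


def detect_push_fatigue(events, window=WINDOW, max_prompts=MAX_PROMPTS):
    """Return (user, alert, timestamp) tuples for prompt bursts and for
    approvals that arrive while a burst is still inside the window."""
    recent = defaultdict(deque)  # user -> timestamps of prompts since last approval
    alerts = []
    for ts_raw, user, kind in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        prompts = recent[user]
        # Drop prompts that have aged out of the sliding window.
        while prompts and ts - prompts[0] > window:
            prompts.popleft()
        if kind == "push_sent":
            prompts.append(ts)
            if len(prompts) == max_prompts:
                alerts.append((user, "push_burst", ts_raw))
        elif kind == "push_approved":
            # An approval right after a burst is the case worth paging on.
            if len(prompts) >= max_prompts:
                alerts.append((user, "approved_after_burst", ts_raw))
            prompts.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An `approved_after_burst` alert is the one to act on immediately, for example by revoking the session that approval created and resetting the account's password.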

Attacker-in-the-Middle (AiTM)

This attack is somewhat complex, but is also becoming disturbingly more common. An attacker sets up a fake website that mimics a legit one – such as a banking portal, or an internal portal. They launch a phishing campaign that directs customers and/or employees to the fake site. They use this site to capture credentials and redirect to a fake MFA site, where the user puts in their real prompt – which the attacker then passes on to the real website and captures the session cookie while the “fake” site sends the user elsewhere.

[Figure: How attacker-in-the-middle attacks work]

Microsoft uncovered a huge AiTM attack in 2023 aimed at financial institutions, and Reddit was hacked that same year using a similar method.

Stolen Cookies

There are almost as many varieties of this attack as there are of actual cookies: pass-the-cookie, cookie poisoning, cookie tossing – but they all boil down to the same basic concept: Once you log in to something through a web browser, a cookie file is created that tracks your session. Without this, you’d have to log in to each page of a website individually, which would make online banking possibly the most frustrating exercise on the planet. Our ever-expanding portfolio of cloud-based services makes these cookies an extremely attractive target. Successful manipulation of a session cookie completely bypasses MFA. When Okta was hacked in 2023, the hackers went after support files, which just so happened to gather cookie information. This type of attack was also a factor in the 2020 SolarWinds data breach.
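Because a stolen session cookie is accepted without any further MFA check, one server-side countermeasure is to remember the client context in which MFA was completed and flag later use of the same session from somewhere else. The sketch below is an added example, not from the original article; the log format, the event names and the choice of binding a session to the IPv4 /24 network plus user agent are assumptions, and the sample log is constructed.

```python
import ipaddress

# Constructed sample log (not real data): (event, session id, client IP, user agent).
SAMPLE_LOG = [
    ("mfa_ok",  "s1", "198.51.100.23", "Firefox/123 Windows"),
    ("request", "s1", "198.51.100.23", "Firefox/123 Windows"),
    ("request", "s1", "198.51.100.77", "Firefox/123 Windows"),   # same /24: address churn
    ("request", "s1", "203.0.113.9",   "python-requests/2.31"),  # cookie used elsewhere
    ("mfa_ok",  "s2", "192.0.2.10",    "Safari/17 macOS"),
    ("request", "s2", "192.0.2.10",    "Safari/17 macOS"),
    ("request", "s9", "203.0.113.9",   "python-requests/2.31"),  # session never passed MFA
]

def find_session_replay(log, prefix_len=24):
    """Compare each request with the context recorded when the session passed MFA."""
    bound = {}      # session id -> (network seen at MFA time, user agent at MFA time)
    findings = []
    for event, sid, ip, ua in log:
        if event == "mfa_ok":
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            bound[sid] = (net, ua)
            continue
        if sid not in bound:
            # A session id the server never issued after MFA: forged or injected.
            findings.append((sid, ip, "no_mfa_binding"))
            continue
        net, bound_ua = bound[sid]
        moved = ipaddress.ip_address(ip) not in net
        changed_ua = ua != bound_ua
        if moved and changed_ua:
            # New network and new client software at once: treat as cookie replay.
            findings.append((sid, ip, "replayed_from_new_client"))
        elif moved or changed_ua:
            # One attribute changed (roaming, browser update): lower-severity signal.
            findings.append((sid, ip, "context_drift"))
    return findings

if __name__ == "__main__":
    for finding in find_session_replay(SAMPLE_LOG):
        print(finding)
```

A `replayed_from_new_client` finding is a reasonable trigger for revoking the session and forcing re-authentication; `context_drift` alone is common for mobile users and is better handled as a step-up prompt.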

MFA is Inconvenient

You may not think inconvenience is relevant to how MFA can be bypassed, but consider this: Microsoft was hacked in November 2023, and the hackers used a simple password spray attack to compromise e-mail accounts of top executives that didn’t have MFA turned on, because no one wants to get a code or approve a push 20 times a day. In response to the Okta hack, the company announced it would be turning on MFA for protected actions in their admin console. Why wasn’t it on before? Because it slows you down, interrupts your workflow, and is generally annoying. This creates a tendency not to enable it everywhere, which can leave dangerous gaps in your security.

The worst part of all of this is, it’s not terribly difficult or complex to do. There are a lot of videos on YouTube that will show you how to deploy each of these hacking strategies.

Passwordless Authentication is the Future

You may have noticed a recurring theme through these breaches – some form of phishing and/or social engineering is effective when you want to bypass MFA. With the thousands of hours of training, fake phishing e-mail tests, and articles published on security best practices, the reality is that passwords are inherently weak, because they still rely on a human element, and the best way to really keep yourself, your data, and your entire organization secure is to remove that element entirely. Switching to certificate-based, passwordless authentication eliminates all of these issues because certificates are encrypted – they can’t be guessed, phished, or socially engineered. And in a rare win for anything that enhances security, certificates provide a better user experience because there’s no password to remember, no passcode to get from a text message, and no push notifications. Make everyone’s daily digital life easier and more secure with passwordless authentication!

Portnox’s cloud-native NAC solution delivers passwordless authentication, endpoint risk monitoring, and 24/7 compliance enforcement. If you look up NAC solutions on Reddit, you’re likely to encounter frustration, anger, and genuine sadness. That’s how users feel about archaic and cumbersome legacy NAC products. That sorrow ends today. With the Portnox Cloud, powerful and easy-to-use network access control functionality is available at your fingertips.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.
