The global cost of cybercrime in 2023 was set to hit 8 trillion U.S. dollars. The financial industry is a prime target as the rate of ransomware attacks has nearly doubled (64%) since 2021. Financial institutions are protecting against cybersecurity attacks by having a strong infrastructure that is able to enforce a zero trust policy. This cornerstone of a zero trust policy is based on having an idea of who or what the end system is that is requesting access.
Traditional password systems, while simple, are obsolete. Human factors on password reuse and complexity, coupled with extensive password breaches, have neutralized their security effectiveness. Having a multi-factor system, and understanding context of the request (location, time, etc.) is critical to laying the groundwork for being able to trust. To ensure good security hygiene, numerous regulatory bodies have instituted regulations that enforce financial institutions adoption of multi-factor systems to protect not only the end user of their financial products, but also to protect the core of the financial system. In places where federal regulations weren’t strong enough, states have taken the lead, with New York and California passing similar state mandates that financial institutions or companies that “significantly engage in financial activities” must use Multi-Factor Authentication (MFA) to protect their data.
Cisco Duo helps financial institutions secure their customers data and meet these regulatory requirements. Thousands of financial institutions are currently using Duo as a MFA solution to keep their most trusted resources, their customers wealth, protected.
A key advantage of Duo is it helps with the common security challenge, a lot of security controls don’t get implemented because of complexity for the end user or lack of scalability. Duo stands out because it is both extremely user-friendly and highly scalable, proven by its widespread adoption in educational settings and by administrators managing some of the industry’s biggest multi-tenant cloud environments. Its effectiveness is evident—it simply works. Furthermore, Duo’s extensive integrations utilize standards-based protocols, making the solution straightforward and accessible for developers to work with as well.
An example of the extensive capabilities and integrations of the Duo platform is shown below in the graphic.
Some of the regulations that can be satisfied by Cisco Duo include:
- Payment Card Industry Data Security Standard (PCI DSS): Requires MFA to be implemented as defined in Requirement 8.3 and its sub-requirements. (PCI, 2017)
- FFIEC: Provides guidance on usage of MFA for clients.
- Payments Service Directive2 (PSD2): Strong customer authentication requires use of MFA.
Recently Cisco Duo provided targeted recommendations on how customers can help apply CISA’s guidance around the scattered spider cybersecurity group. Creating a defense in-depth and zero trust architecture requires a secure solution that remains user-friendly for the end user. Cisco Duo is helping financial institutions achieve their security compliance and protect themselves as part of a defense in-depth strategy.
Here are additional links on regulatory guidance around MFA.
- FFIEC Issues Guidance on Authentication and Access to Financial Institution Services and Systems
- Appendix to demonstrate how to use FFIEC Cybersecurity Assessment Tool in conjunction with the FFIEC Information Technology (IT) Examination Handbook
- PCI Security Standards Council Multi-Factor Authentication Guidance
