“The pandemic has pushed the Department of Veterans Affairs to think beyond multifactor authentication to keep bad actors out of VA systems as it anticipates extended work-from-home policies.”
“One of the federal government’s largest agencies, the VA has fully embraced multi-factor authentication across the board and is now exploring additional ways to authenticate users and improve security, VA CISO Paul Cunningham said Thursday during CyberTalks, presented by CyberScoop.”
“’Anything to [bring] the risk posture down … is going to be a good thing,’ Cunningham said, as the VA handles sensitive medical information and other data on benefits services and more from veterans.”
“In specific, the VA has been looking at ‘bump and go’ options for user authentication, referring to physical tokens that can be used as an added layer of security, the VA CISO said.”
“Cunningham’s comments come after the VA recently suffered a breach in a financial system that comprised information on at least 46,000 veterans. The breach was due to unauthorized access to an application for financial assistance that veterans are entitled to, the department said when it announced the hack. The VA said malicious actors used ‘social engineering techniques’ and exploited ‘authentication protocols’ to gain access to the system.”
“Multi-factor authentication has existed in the VA and government for many years. But the pandemic has forced the department to broaden its security controls to properly credential people logging in from home, Cunningham said…” Read the full article here.
Source: VA looks beyond multi-factor authentication to secure extended telework – By Jackson Barnett, October 22, 2020. FedScoop.
