Sophisticated cyber threats and changing work environments are placing contact centers all over the world at significant risk, especially organizations relying on traditional cybersecurity and authentication solutions. Contact centers have always been at high risk from insider threats and security issues due to human errors due to their high employee turnover rates. But as more organizations shift to remote work, IT security teams are struggling to manage the risk.
These organizations need to switch to more robust solutions tailor-made to meet the demands of the industry and sophisticated enough to withstand new forms of cyber threats. Continuous authentication addresses these threats within the unique scenarios that contact centers present by behaviorally authenticating users and blocking intruders in real-time.
Contact Centers Are Facing New And Sophisticated Threats
Contact centers have always faced security threats like phishing and unauthorized password sharing. The high employee turnover and the resultant lack of training among employees, combined with the fact that these organizations have access to card information for a significant number of customers, made them a target for bad actors.
In most security breaches, organizations take around 6 months to detect them, giving attackers enough time to travel horizontally across the infrastructure and wreak havoc, exposing the card data information of a large number of customers.
But now, bad actors are developing advanced techniques to access contact center infrastructure. For instance, phishing used to be largely through emails or phone calls. But now attackers even use deepfakes of managers or technicians to get on video calls with their target and prompt them to give up their credentials.
Attackers are also using prompt bombing techniques to bypass traditional authentication systems. Here, they sent multiple authentication requests to employees’ phones or authentication apps, hoping that the agents would believe it was a glitch in the system and approve the request or click the wrong button accidentally when facing a deluge of authentication prompts.
Many bad actors are also leveraging the security friction created by traditional authentication solutions, which is resulting in agents' reluctance to complete multiple rounds of authentication during a workday.
Organizations Relying On Traditional Authentication Solutions Are At High Risk
Traditional authentication solutions verify users' identities only at certain points in time, for instance, when they log in or when they have been away from the desk for more than 15 minutes. If attackers gain access sometime in between or if someone logs in using stolen credentials, these systems won’t be able to recognize intruders.
While organizations can set up more frequent authentication requests, this will increase security friction and disrupt the productivity of their employees since it requires their active participation. Some employees may even come up with workarounds to avoid having to log in many times.
For instance, if an organization sets up its system to send an authentication prompt after 2 minutes of inactivity, agents may devise tricks to move their movements automatically or tap their keyboards every few seconds, even if they’re away from their workstations.
Contact centers need a robust solution that continuously authenticates their users without negatively impacting their productivity or increasing security friction.
How Does Continuous MFA Work?
Continuous MFA authenticates users through their behavior and interaction with their workstations. The system builds a behavioral profile for users by monitoring and analyzing how they type, move their mouse, and interact with their computer.
Once the behavioral profile is ready, Twosense will continuously monitor user behavior against their profile and generate a score. If the behavior doesn’t match, this score will be low, indicating that someone else is accessing the account or that there is an intruder in the system. Continuous MFA will automatically lock out the unauthorized user.
Organizations can configure the following steps based on their productivity and security requirements. They can set up fallback MFA or direct the user to their manager to regain access to the system.
Unlike other systems, Continuous MFA verifies the user's identity continuously without any effort from the user.
How Does Continuous MFA Help Contact Centers When Compared To Traditional MFA?
Let’s have a look at how traditional MFA compares to Continuous MFA when it comes to specific threats that contact centers face:
Deepfake technology:
It has been proven many times that deepfakes can easily fool voice and facial recognition systems. Attackers have also been successful in convincing contact center agents that they’re talking to someone they know and trust and making them hand over their credentials.
With Continuous MFA, attackers will find it difficult, if not impossible, to mimic individual agents’ typing patterns or how they move their mouse. Even if scammers succeed in getting agent credentials, the system will detect intruders since attackers can’t mimic how the agent interacts with their system.
Automated phishing:
Most contact centers have high employee turnover, making training users to spot phishing attempts difficult. With large-scale automated phishing, agents can be tricked into sharing their credentials.
With Continuous MFA, even if the agents share their passwords, the system will detect the intruder based on their interactions with the system.
Credential-stuffing:
If the organization relies on traditional MFA, agents who use the same passwords for multiple accounts may be victims of credential-stuffing attacks. With Continuous MFA, even if the attackers gain access to user credentials, they will be quickly detected and locked out since their behaviors won’t match those of the agents.
AI-powered bots:
There has been a recent uptick in using AI-powered bots to infiltrate networks. While these bots are sophisticated and may even be able to get past firewalls, they cannot mimic specific behavior patterns of individual users.
Continuous MFA vs. Traditional MFA
|
AI Threat |
Traditional MFA Vulnerability |
Continuous MFA Solution |
|
Deepfake Technology |
Voice & Facial authentication can be fooled |
Behavioral patterns like typing rhythm are unique and impossible to fake |
|
Automated Phishing |
Agents can be tricked into sharing credentials |
Continuous authentication detects compromised credentials in real-time |
|
Credential Stuffing |
Stolen credentials can be reused |
Continuous MFA identifies when an unauthorized person uses credentials |
|
AI-Powered Bots |
Bots can mimic human interactions |
Continuous MFA tracks human behavior, detecting anomalies bots can’t replicate |
Contact center centers cannot protect their infrastructure without Continuous MFA
Cyber attacks become more sophisticated every year. Phishing has evolved into phone phishing and deepfakes, and attackers are using sophisticated AI-powered bots to target contact centers.
Contact centers need a robust solution to protect their networks and customer data from these advanced threats. That’s where Continuous MFA can help your organization stay ahead of sophisticated cyber threats.
