Organizations worldwide are struggling to ward off sophisticated phishing attacks. Unfortunately, traditional solutions are ill-equipped to defend against phishing attacks, whether they use deepfakes or other modern techniques. According to the 2024 Cybersecurity and Infrastructure Security Agency (CISA) Annual Report, 75% of organizations were targeted by phishing attacks last year, with a significant rise in AI-driven threats. In fact, 40% of these attacks involved deepfake technology, highlighting the growing sophistication of phishing attempts (CISA 2024 Annual Report).
Traditional solutions also take too many resources, require considerable effort from IT teams, and drastically affect productivity within contact centers.
With Continuous Authentication, contact centers can protect their infrastructure against phishing attacks and detect intruders before they can cause damage. Let’s look at some of the major phishing threats contact centers face and how Continuous Authentication defends against them.
Up until a few years ago, phishing threats were largely in the form of emails pretending to be from regulatory bodies, management personnel, or technical staff. While these were successful initially, businesses—especially contact centers—could mitigate them with extensive employee training, robust mail filters, firewalls, and traditional MFA solutions.
But in the last couple of years, deepfakes have become a larger threat. With advances in AI, bad actors can now impersonate managers or IT personnel over a phone call or even a video call. According to the APWG Phishing Activity Trends Report 2024, 60% of phishing attacks now leverage social engineering techniques, including deepfakes (APWG 2024 Report).
It may be difficult for a contact center employee to disregard video calls from someone who appears to be management asking for confidential information. Even with extensive training, employees fall victim to phishing scams using deepfake technology.
Traditional security solutions still depend heavily on human input and can only offer limited protection against phishing. To use them properly, contact center agents need extensive training, and even then, agents are vulnerable to social engineering. According to a 2023 study by Cybersecurity Insiders, 58% of employees still fall for phishing attempts despite regular cybersecurity training (Cybersecurity Insiders 2023).
Another issue with solutions like 2FA, OTP apps, or physical security keys is that they authenticate the user only at specific points in time. If an intruder gains access to the system, these solutions cannot detect or stop their activities because they are not securing the session; they only “secure” the initial login. With the average cost of a data breach reaching $4.45 million in 2024, according to IBM’s Cost of a Data Breach Report, this gap in protection is becoming untenable (IBM Cost of a Data Breach 2024).
Many traditional authentication solutions are also incompatible with cybersecurity strategies employed in contact centers. For instance, many contact centers have implemented clean desk policies to mitigate insider threats, but MFA apps require employees to carry a smartphone to get security codes. According to Zscaler’s 2024 State of Phishing Report, 72% of contact centers find traditional MFA solutions hinder their ability to comply with internal security policies (Zscaler 2024 Report).
Continuous Authentication is built to verify the user's identity constantly throughout every second of every session instead of only at specific points in time. It works in the background, continuously authenticating the user without active involvement.
Twosense leverages AI and machine learning to verify user identity. It monitors how a user interacts with their computer—how they type and move their mouse—and builds a behavioral profile. Once the profile is ready, the system continuously compares user behavior to the profile, generating a trust score. If the score falls too low, indicating someone else is accessing the system, it will lock the user out and direct them to fallback MFA or to contact their manager.
The system requires no effort from the user for authentication. Unless the trust score drops, the user wouldn’t even know that the system is working behind the scenes.
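The profile, trust score and lockout loop described above can be sketched as follows. This is an added example, not Twosense's algorithm or code: the per-digraph z-score model, the smoothing factor, the 0.4 threshold and all timing samples are assumptions constructed for illustration.

```python
import math
from statistics import mean, stdev

def build_profile(enrollment):
    """enrollment: [(digraph, inter-key interval in ms)] -> {digraph: (mean, std)}."""
    by_key = {}
    for digraph, ms in enrollment:
        by_key.setdefault(digraph, []).append(ms)
    # Floor the std so a very consistent typist does not produce huge z-scores.
    return {d: (mean(v), max(stdev(v), 5.0)) for d, v in by_key.items() if len(v) >= 2}

class Session:
    def __init__(self, profile, threshold=0.4, alpha=0.3):
        self.profile, self.threshold, self.alpha = profile, threshold, alpha
        self.trust = 1.0      # session starts trusted: the login itself was authenticated
        self.locked = False

    def observe(self, digraph, ms):
        if self.locked or digraph not in self.profile:
            return self.trust
        mu, sigma = self.profile[digraph]
        z = (ms - mu) / sigma
        match = math.exp(-0.5 * z * z)   # 1.0 at the profile mean, near 0 far from it
        # Exponential smoothing: one odd keystroke does not lock out the real user.
        self.trust = (1 - self.alpha) * self.trust + self.alpha * match
        self.locked = self.trust < self.threshold
        return self.trust

def replay(profile, events, **kwargs):
    """Return (index of the event that triggered lockout or None, final trust)."""
    session = Session(profile, **kwargs)
    for i, (digraph, ms) in enumerate(events):
        session.observe(digraph, ms)
        if session.locked:
            return i, session.trust   # here the product would fall back to MFA
    return None, session.trust

# Constructed sample data (not real measurements).
ENROLL = [("th", 95), ("th", 105), ("th", 100), ("he", 120), ("he", 130),
          ("he", 125), ("in", 150), ("in", 160), ("in", 155)]
OWNER = [("th", 102), ("he", 123), ("in", 158), ("th", 97), ("he", 128)]
INTRUDER = [("th", 160), ("he", 70), ("in", 90), ("th", 150), ("he", 200)]
PROFILE = build_profile(ENROLL)

if __name__ == "__main__":
    print("owner only:      ", replay(PROFILE, OWNER))
    # Takeover after a valid login: the case a point-in-time check cannot see.
    print("owner + intruder:", replay(PROFILE, OWNER + INTRUDER))
```

The second replay models a session that begins with the legitimate user and is then taken over; the lockout fires on the third mismatching keystroke pair rather than at the next login.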
Phishing is a social engineering attack. With phishing, bad actors are not exploiting technical vulnerabilities to access the infrastructure, but instead tricking users into granting them access. Solutions like MFA apps or physical security keys work to some extent to prevent phishing, but even those require trained users to prevent unauthorized access. According to Ponemon Institute’s 2024 Cybersecurity Report, 31% of employees reported sharing their security credentials with unauthorized individuals last year, making them vulnerable to phishing attacks (Ponemon Institute 2024 Report).
While users may not give up their security codes due to a spoofed email, a bad actor using deepfake technology to impersonate a manager may trick a contact center agent into giving up their security codes or even tapping their physical security keys to allow access.
Continuous Authentication completely eliminates human error from the equation. With no security codes to hand over and behavior nearly impossible to mimic, bad actors find it impossible to bypass Twosense software.
Continuous Authentication drastically reduces the risk of phishing in contact centers. Using behavior and removing agents from the authentication process makes social engineering attacks significantly more difficult, even with the latest tools available to attackers.