May I present a novel approach to cybersecurity? Hire a physical security expert to assess cybersecurity architecture and protocols. Physical security experts will all point to the same core problems.
First apply proper identification and authentication, indirect assertion of identity fails on both counts. Proper identification has always been critical to security. Second, limit secure portal exposure to only authorized entities.
Every alleged secure digital environment has exactly the level of security it desires. The damage from their security posture is acceptable or their posture would change.
Thousands of years of accumulative physical security knowledge has been rejected in cybersecurity. Nothing is secure when identification and access are uncontrolled, even the ancients understood this. The only solution to guessing identity is to STOP. The only solution for public access to secure services is to remove it.
Existence-based access provides presence at the point-of-authentication. This is the only place authentication factors can be properly deployed. The current multi-step data gathering authentication model never met guidance.
Existence-based access: Not slick marketing, just valid science.