Basics is no longer cutting it. Free is not stacking up. Even with multi-factor authentication (MFA) patrolling security’s new identity-based perimeter, phishing attacks remain one of threat actors’ favorite tools and demand stronger protection in identity and access management (IAM). MFA may make it harder to simply log into enterprise environments using lost, leaked, bought, weak, or stolen user credentials, but it’s clearly not impossible either.
That’s because user training and even basic MFA are not enough to ensure phishing resistance against modern campaigns that use new techniques to subvert or sidestep authentication:
AI-led campaigns use large language model (LLM) tools like ChatGPT to craft convincing emails that look and sound like trusted entities
Adversary-in-the-Middle (AiTM) attacks bait users into clicking fraudulent links that take them to proxy servers controlled by the bad actors
New multi-stage MFA fatigue campaigns are designed to capitalize on repeated user authentications to bypass and exploit weaker forms of MFA
Gaps in protections reveal themselves as attackers target supply chain and third-party access permissions, remote desktop protocol (RDP), or legacy applications
And that’s not all. Modern phishing attacks like the ones listed above now stretch beyond authentication, threatening session cookies and bypassing traditional defenses, making comprehensive phishing resistance essential—even for trained help desk pros.
If all of that makes achieving end-to-end phishing resistance sound like a pipe dream, identity security leaders can take heart. In a new guide from Cisco Duo, you’ll learn what tools and strategies you can use to push your organization toward modern phishing resistance.
What End-to-End phishing resistance means
Why traditional multi-factor authentication (MFA) can’t stop modern attacks
Five practical steps you can take to strengthen your defenses against phishing throughout the identity security lifecycle
Chief Information Security Officers (CISOs)
IT Directors and Infrastructure Leads
Identity and Access Management Architects
Compliance and Risk Officers
Security Operations Center (SOC) Analysts
We need to ensure the highest level of protection for all user interactions with our services. We also need to meet an extremely high bar for security standards while making it easy for users to be productive. Duo helps us do just that.
Mark Schooley
Senior Director, IT Operations & Engineering
See Duo in action by joining our live demo and Q&A session and learn how Duo helps verify user identity, manage devices, and adapt and enforce security policy.
Plus, get a FREE pair of sunglasses for attending!
* Gartner, Voice of the Customer for User Authentication, Peer Community Contributors, 22 January 2026.
Gartner, Peer Insights, and Gartner Peer Insights Customers’ Choice Badge are trademarks of Gartner, Inc. and/or its affiliates. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.