Intelice Multi-Factor Authentication Information
What’s the risk?
Over the last several years, we have seen attacks on our customers grow exponentially, to the point that today 1 out of every 10 of our clients reports a breach through fraudulent sign-ins each month. 99.9 percent of these attacks would have been prevented with the use of Multi-Factor Authentication (MFA).
We have also seen breaches that could have been prevented by MFA reported all over the world. They include big companies like Deloitte and Sendgrid and many local governments across the US, and we are now seeing many more small businesses being subject to these breaches. A 2020 Verizon study found that nearly 30% of all reported data breaches involved small businesses.
Cyberattacks aren’t slowing down, and it’s worth noting that many attacks have been successful without the use of advanced technology. All it takes is one compromised credential or one legacy application to cause a data breach. This underscores how critical it is to ensure password security and strong authentication.
According to a recent paper from the SANS Software Security Institute, the most common vulnerabilities include:
- Business email compromise, where an attacker gains access to a corporate email account, such as through phishing or spoofing, and uses it to exploit the system and steal money. Accounts that are protected with only a password are easy targets.
- Legacy protocols can create a major vulnerability because applications that use basic protocols, such as SMTP, were not designed to manage Multi-Factor Authentication (MFA). So even if you require MFA for most use cases, attackers will search for opportunities to use outdated browsers or email applications to force the use of less secure protocols.
- Password reuse, where password spray and credential stuffing attacks come into play. Common passwords and credentials compromised by attackers in public breaches are used against corporate accounts to try to gain access. Considering that up to 73 percent of passwords are duplicates, this has been a successful strategy for many attackers and it’s easy to do.
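
The legacy-protocol and password-spray items above map to two checks a defender can run over sign-in logs. This is an added example, not code from the original page or the SANS paper; the log schema, the sample records, and the protocols treated as legacy (beyond SMTP, which the page names) are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records. Assumed schema: time, source IP, account,
# protocol, result, whether an MFA challenge was completed.
LOG = """\
2024-05-01T09:00:05 203.0.113.7 alice@example.com smtp failure mfa=no
2024-05-01T09:00:40 203.0.113.7 bob@example.com smtp failure mfa=no
2024-05-01T09:01:10 203.0.113.7 carol@example.com smtp failure mfa=no
2024-05-01T09:01:45 203.0.113.7 dave@example.com smtp success mfa=no
2024-05-01T09:05:00 198.51.100.20 alice@example.com browser success mfa=yes
2024-05-01T09:30:00 198.51.100.20 alice@example.com browser failure mfa=no
2024-05-01T11:00:00 198.51.100.21 erin@example.com imap success mfa=no
"""

LEGACY = {"smtp", "imap", "pop3"}  # assumption: protocols with no MFA step

def parse(log):
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, proto, result, mfa = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "ip": ip, "user": user,
                       "proto": proto, "ok": result == "success",
                       "mfa": mfa == "mfa=yes"})
    return events

def legacy_success_without_mfa(events):
    """Successful sign-ins over a legacy protocol where MFA never ran."""
    return [(e["user"], e["proto"], e["ip"]) for e in events
            if e["ok"] and not e["mfa"] and e["proto"] in LEGACY]

def spray_sources(events, min_users=3, window=timedelta(minutes=10)):
    """Source IPs that failed against >= min_users accounts inside one window."""
    fails = defaultdict(list)
    for e in events:
        if not e["ok"]:
            fails[e["ip"]].append((e["ts"], e["user"]))
    flagged = set()
    for ip, items in fails.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            users = {u for t, u in items[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged.add(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    events = parse(LOG)
    print(legacy_success_without_mfa(events))
    print(spray_sources(events))
```

Accounts returned by the first check are candidates for blocking legacy authentication; sources returned by the second warrant a password reset review for the targeted accounts.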
Passwords may reign supreme as the most common way to authenticate your online identity, but they increasingly provide very little protection. Once a password is stolen, hackers can use those credentials to log in to applications and business systems, bypass other access controls and wreak serious havoc. In fact, according to the 2020 Verizon Data Breach Investigations Report, stolen login credentials are the top tactic used by hackers to achieve data breaches.
And there is an alarming variety of attack vectors hackers can take advantage of to steal passwords or gain access, including phishing attacks, brute force attacks, web app attacks, point of sale intrusions and even stolen hardware.
What must you do to protect your organization and its data?
You can help prevent some of these attacks by banning the use of bad passwords, blocking legacy authentication, and training employees on phishing. However, one of the best things you can do is to simply turn on MFA. By providing an extra barrier and layer of security that makes it incredibly difficult for attackers to get past, MFA can block over 99.9 percent of account compromise attacks. With MFA, knowing or cracking the password will not be enough to gain access.
From the US Department of Homeland Security CISA Cyber & Infrastructure: “Passwords that meet a baseline of security are a good first layer of protection, but attackers can guess or intercept passwords. Multi-factor authentication (MFA), simultaneously using multiple pieces of information to verify your identity, is becoming more common. The theory behind this approach is similar to requiring two or more forms of identification or two keys to open a safe deposit box. You should turn on MFA where it’s available.”
MFA is easier than you think
MFA helps protect you by adding an additional layer of security, making it harder for bad guys to log in as if they were you. Your information is safer because thieves would need to steal both your password and your phone. You would definitely notice if your phone went missing, so you’d report it before a thief could use it to log in. Plus, your phone should be locked, requiring a PIN or fingerprint to unlock, rendering it even less useful if someone wants to use your MFA credentials. Using 2FA is one of the top three things that security experts do to protect their security online, according to a recent Google survey. And consumers feel the same way: almost 9 in 10 (86%) say that using 2FA makes them feel like their online information is more secure, according to TeleSign.
According to the SANS Software Security Institute, there are two primary obstacles to adopting MFA implementations today:
- Misconception that MFA requires external hardware devices.
- Concern about potential user disruption or concern over what may break.
If you’re one of the 54% of consumers who, according to TeleSign, use five or fewer passwords for all of their accounts, you could create a “domino effect” that allows hackers to take down multiple accounts just by cracking one password. The good news? There’s an easy way to better protect your accounts (which contain a lot of personal information) with multi-factor authentication (MFA).
A good MFA strategy will carefully balance the risks of compromised credentials against the impact on employee productivity or customer experience when determining MFA requirements and risk-based policies.
The best modern MFA solutions can strike the balance between security and convenience by supporting multiple authentication options, implementing adaptive policies, and integrating seamlessly into existing applications. Reach out to your Intelice Account Manager today to discuss implementing MFA to protect your organization, as well as its users, clients, and data.