In today’s complex workplace simple passwords no longer cut it. Many businesses are turning to multi-factor authentication (MFA) to protect staff and client information, as well as company systems. Believe it or not, those annoying little prompts to verify your personal information, after you enter your login password, have become an increasingly important weapon against cybercrime. In fact, Microsoft reported that 99.9% of all compromised accounts did not use MFA. If that isn’t compelling enough, here are more reasons why senior execs should insist on it as a standard security practice…
With the increasing use of personal devices for work and work-from-home (WFH) arrangements, there can be hundreds of employees accessing company systems on unsecured connections and devices across the globe. This has led to a cybercrime pandemic, with a 424% increase in attacks since 2017, mainly targeting small to medium businesses.
You may have even heard of the recent 2020 breach on the popular social platform Twitter, that targeted 130 accounts, including that of Elon Musk, resulting in a theft of $121,000 in Bitcoin through nearly 300 transactions.
Sadly, cyber attackers are becoming increasingly good at evading security, sometimes at a faster pace than security experts can develop solutions. Yet, one of the best protections to emerge in recent years is, in fact, one of the simplest – multi-factor authentication (MFA).
What Is Multi-Factor Authentication?
When logging into a system, app or VPN, MFA requires users to provide two or more pieces of identification. This is used to confirm your identity and your right to access certain information. Authentication methods generally fall into three main categories:
- Knowledge – Something you know, such as a security question, password or PIN
- Possession – Something you have, such as an authentication app, card with a chip or fob
- Inherence – Something you are, such as a Picture ID, or biometrics, like a retina scan or fingerprint
MFAs can also involve a system-generated one-time password (OTP), or they can be linked to a specific location, so if your device’s IP address doesn’t match the one on file, it won’t allow access. There is also the increasingly used adaptive authentication, that looks at a user’s usage patterns to confirm a person’s identity, such as the times of day you normally access apps or whether you use a VPN or public network.
You also probably wonder, isn’t multi-factor authentication the same as 2-step authentication? The two terms are often used interchangeably. Two-step, means only two factors of authentication are used. Whereas MFA often requires two or more.
Why Your Business Needs Better Protection
Credential theft used to be a much bigger problem before multi-factor authentication (MFA). In 2019, it was one of the top three infection sources (29%) next to phishing scams and exploitation attacks. Stolen credentials allowed hackers to gain a foothold in a company’s IT infrastructure, giving access to sensitive company data that could be ransomed or sold.
However, in 2020 those credential theft numbers shrank to 18% and multi-factor authentication is thought to be responsible, also accounting for a 38% drop in business email attacks between 2019 and 2020.
If this doesn’t convince you, then perhaps this will: in nearly all of the successful cyber attacks observed in 2019-2020, MFA was not enabled. One analysis by IBM X-Force even demonstrated the effectiveness of MFA, when Iranian terrorist group ITG18 had their training videos accidentally leaked. The footage showed how their agents tried to gain access to sites using stolen credentials, yet, when they encountered a site using MFA, they immediately moved on.
Google also claims that MFA can prevent more than 95% of general phishing attempts and 75% of targeted attacks. It’s obvious from those numbers, that the increase in multi-factor authentication is making password-guessing and stealing much more challenging, forcing many hackers to abandon the use of stolen credentials.
Conclusion
Of course, the more layers of security between your valuable data and cyber criminals, the better. By using more than one level of authentication, it makes it much more difficult for hackers to access your accounts. The process is even becoming normalized as more and more business websites require MFA to use their site or service. Studies even estimate, that by 2023, 80% of small to medium-sized businesses will implement Multi-Factor Authentication (MFA), especially with the surge in remote working.
Yet, this doesn’t provide your company with full protection. With credential theft lowering, phishing emails have now become the go-to for hackers, where they can exploit human vulnerabilities and trick users into revealing personal information. That’s why a comprehensive cyber security plan is important, where system weaknesses and human error can be mitigated through careful planning and action. That’s where we can help. Talk to us about our IT solutions and the best ways to secure your systems against cyber attacks.
Worried about your workplace’s IT security? Let the Com Pro team handle your day-to-day needs. Contact us to learn more about the Com Pro difference!