The need for a stronger defense against security threats is greater than ever, as the threat of data-driven crimes such as identity theft and corporate espionage grow each year. The recent data breaches against giants such as British Airways and Facebook emphasize the danger facing data-storing companies and emphasizes the need for a more comprehensive attitude towards data security.
One aspect that is becoming increasingly popular within businesses as a security method is ‘multi-factor authentication’ (MFA). MFA comes in many forms, both hardware; like a fingerprint ID, retinal scan or even just a fob, and software; for instance, using identifying characters from a different passcode or employing a code generating app. With a wide range of options to choose from, companies need to decide – based on their product/service, market and threatscape – which of these solutions best suits their needs.
Weak Link in a Strong Chain
In theory, multi-factor authentication acts as a strong second line of defense against potential hacking, however, the system is as only as secure as the person using it. Often, people search for a quicker and more convenient solution to the issue of quickly using MFA. For example, a worker may choose to use the same passcode for both their login and authentication. Consequently, any breach that exposes the employee’s login details will also nullify their MFA security.
Another potential issue when using MFA is that the authentication system is only as secure as the technology supporting it. In the case of the Reddit data breach, the authentication system required that employees log in with both a passcode and a generated code. The flaw in this system, however, was that the authentication code was transmitted over the SMS network which is prone to connectivity issues and can be easily intercepted by third parties. In this case, the breached security allowed hackers to access an older, discontinued form of the website’s data storage vault containing messages, email addresses and login credentials, all of which could be used to access private information, including banking information. Not only is multi-factor authentication merely as strong as the operator using it; it is only as strong as the technology upon which it is based.
A Moat, a Drawbridge and a Wall
However, despite this bleak outlook on the effectiveness of multi-factor authentication, it should not be assumed that MFA is ineffective. No security system is entirely foolproof, but you can make your data far more secure by implementing tiered security systems – wherein MFA acts as one line of defense but does not constitute your entire security solution. A strong security system should contain: a series of firewalls to limit the ease with which malicious software can enter your network, a multi-factor authentication system, and a data protection system such as Clearswift’s Adaptive Data Loss Prevention solution that, using the unique Adaptive Redaction feature, can automatically detect and remove any sensitive data attempted to be shared outside of the corporate network – through email, web and business collaboration applications – but let the rest of the communication take place. In addition to this, Clearswift also has the capability to remove malicious links (active code) embedded in email attachments or website document/file downloads, meaning any attempt to steal log-in credentials via a phishing attack or to deliver a Ransomware payload is thwarted at the boundary. Most importantly, employers should educate their employees in the dangers of cybersecurity and data breaches; as, left to their own devices, many employees will attempt to maximize their own efficiency by creating deliberately easy to access methods of authentication.
It’s Security All the Way Down
There is no comprehensive ‘silver bullet’ solution to the current-day realities of cybersecurity. Multi-factor authentication is a valuable tool, but, as we have seen, is only as strong as the technology it is built upon, and as secure as the employees who use it. Consequently, companies must face the difficult task of balancing security with employee efficiency based on their own interpretation of the dangers facing their data. The strongest systems will employ a tiered system constructed from multiple layers of security protocols, wherein multi-factor authentication acts as a link in a chain, as opposed to being the sole line of defense.
*** This is a Security Bloggers Network syndicated blog from Clearswift Blog authored by Bianca.du.Plessis. Read the original post at: https://www.clearswift.com/blog/2019/03/04/authenticating-authority-can-multi-factor-authentication-provide-total-protection