Hot Topics
Security Bloggers Network 
SBN

Implementing Multi-Factor Authentication to Improve Your Organization’s Cybersecurity Posture – Tech Heads Inc.

Avatar photo by Michael Nelson on June 20, 2021
Implementing Multi-Factor Authentication to Improve Your Organization’s Cybersecurity Posture - Tech Heads Inc.

Businesses are at an ever-increasing risk of falling victim to a cyberattack. Theft of user credentials is a now an ever-growing risk vector with poor login security putting all companies at risk of a breach and non-compliance. Let’s unpack the threat landscape.

According to a recent report issued by Forbes magazine, cybercriminals have more than 15 billion stolen logins circulating around the dark web, obtained from over 100,000 documented security breaches. Cybercriminals will purchase and use these stolen credentials to infiltrate business networks. 

In addition to purchasing credentials, cybercriminals use a variety of other social engineering techniques to gain a foothold into a business including:

  • Phishing – a user is tricked into disclosing their credentials
  • Spear phishing – a small group of users is targeted with well-crafted believable messages featuring a call to action which gets users to disclose their login information
  • Brute force attacks – an attacker uses a program to generate possible username/passwords and attempting to access business systems

Once they establish a foothold inside the network, cybercriminals can further compromise the business by gaining access to other critical assets through privilege escalation and lateral movement. Once inside they can achieve their ultimate goal of data manipulation – reading, encrypting, modifying, and exfiltrating sensitive information. This can have a devastating impact upon the business.  A recent report released from Cybercrime Magazine found over 60% of small to medium businesses who have fallen victim to a successful cyberattack end up shutting their doors within six months.

Companies are recognizing these risks and are starting to act accordingly. 

One of the best ways to protect businesses from the fallout of compromised credentials is to enable Multi-Factor Authentication (MFA) on all user accounts. With MFA enabled, whenever a user attempts to log into a managed business application (ex. corporate email) or company site, they are prompted for a second form of authentication to prove they are who they say they are. 

This form of secondary authentication can be one of the following methods:

  • An SMS text message sent to the user’s mobile phone, 
  • A phone call
  • A rotating PIN code / push notification to an authentication application on the user’s mobile phone

By adding this requirement, security is increased as this additional form of authentication is not something which is easy for a cybercriminal to obtain or duplicate. Even if one’s identity has been previously compromised, this additional layer of protection will help prevent the attack from successfully using the stolen credentials.

According to a recent article in ZDNet, Microsoft and Google say using MFA for user accounts will eliminate 99.9% of account breaches.

More than 55% of enterprises use MFA to protect their users accounts. SMB adoption is trailing the enterprise, but not by much.

MFA can be very easy for end-users as long as the appropriate level of training and adoption processes are undertaken before and during the rollout period. However, some businesses remain wary of deploying MFA across the entire organization, as one of the biggest objections is the perception of it being an inconvenience to the users – whether due to the frequency of MFA prompts or any hindrance to working remotely. These issues can be addressed as they arise. For example, the frequency of prompts for the second form of authentication can be limited so the focus is on truly high-risk sign-in attempts.

Enabling MFA is one of the best steps a business can take to protect its critical data and network access from compromised accounts and increase its overall cybersecurity posture. If your company has not implemented this security control, it’s time to start.

*** This is a Security Bloggers Network syndicated blog from Cybersecurity Best Practices authored by Michael Nelson. Read the original post at: https://blog.techheads.com/implementing-multi-factor-authentication

Michael Nelson
Avatar photo

Michael Nelson

As Chief Revenue Officer, Michael leads our go-to-market organization and is responsible for strategy and revenue growth. Michael is a well-rounded revenue leader with more than 20 years of experience building revenue organizations for B2B SaaS companies. Prior to joining BehavioSec, Michael spent 10 years in the digital identity space as a founder and VP of Sales and Business Development for the Mitek Systems (MITK) Identity business. During this time, he helped to create a new category in the digital identity verification space and led sales and revenue growth that helped Mitek scale from a $5m, US company to a $85m global Fintech leader. Michael has also served in both direct and channel sales leadership roles for leading B2B SaaS companies like Ariba (acquired by SAP), Adobe and Arena Solutions. Michael holds a B.S. degree from California Polytechnic State University, San Luis Obispo and currently resides in San Diego, CA. Michael enjoys coaching sports, playing golf and spending time with his family on the ski slopes.

michael-nelson has 6 posts and counting.See all posts by michael-nelson