Cyberattacks against companies large and small are on the rise as hackers engineer new ways to access and steal data. From ransomware to Distributed Denial of Service (DDoS), two facts are particularly concerning:
- Leveraged credentials, most often passwords, cause sixty-one percent of data breaches.
- Nearly half of all cyber-attacks target small and medium-sized enterprises (SMEs) who are less equipped to recover from damages.
Because SMEs inherently lack the cybersecurity resources of large enterprises, they’re seen as low-hanging fruit by cybercriminals. And the consequences of a data breach to an SME can be devastating and long-term: Most SMEs are unable to recover from an attack and 60% file for bankruptcy within six months of a breach.
One new statistic brings hope: According to a recent study, organizations that use multi-factor authentication (MFA) are 99.9% less likely to experience a breach than those that do not. Yet, while most IT decision-makers know the threats, an estimated 67% of businesses pen-tested in 2020 don’t use MFA for any of their login points.
So why aren’t more SMEs using multi-factor authentication? Is the resistance to MFA one of misunderstanding, misinformation, or the perception of inconvenience? And how can it be overcome? We’ll explore MFA’s benefits, challenges, and common misconceptions around SMEs using multi-factor authentication—but first, a primer on MFA:
What is MFA, and How Does It Work?
MFA is a method to protect an access transaction by utilizing multiple (often two) factors to verify a user’s identity. MFA, aka two-factor authentication (2FA), goes beyond vulnerable password authentication by requiring two or three forms of identity:
- Something you are—biometric data like facial recognition, fingerprint, retinal imprint, or even speech and typing patterns.
- Something you know—passwords or facts about your life or family history.
- Something you have—a device in your possession, like a phone or a security key.
How MFA works:
- A user logs in with their password (something they know).
- The user is prompted to satisfy the second factor they elected, which can take the form of:
- A one-time passcode (TOTP) on the user’s phone (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Robin Bond. Read the original post at: https://jumpcloud.com/blog/why-arent-more-smes-using-multi-factor-authentication