Why Multi-factor Authentication?
Have you ever wondered what could happen if you don’t have multi-factor authentication (MFA) in place? Or perhaps you may have seen incidents occur prior to implementing MFA, or after if not deployed properly? Well, I can tell you from firsthand experience that ransomware as a result of phishing can be a consequence.
Earlier in my career, I worked at an organization where we were weighing the costs and benefits of implementing MFA. During this time of analysis and decision-making, we were attacked by ransomware after someone clicked on a phishing link. Subsequently, to contain the incident, our Information Security engineers shut down the affected department’s network until we resolved the issue.
This of course, was not received well by the department since they lost productivity as well as a bit of morale that day. So, this begs the question, how could this have been prevented?
A 2021 Verizon Data Breach Investigations Report found that 61 percent of breaches in 2020 were executed using unauthorized credentials.
How do we stop credentials from being compromised? Education via Security Awareness Training is imperative to teach your employees how to spot suspicious links in emails to avoid phishing attacks, recognize social engineering techniques, and understand that security is everyone’s responsibility.
However, training and awareness is one layer of defense in depth protection. Automated and technical controls are imperative to have in place so that breaches and malware can be prevented. One important technical control is MFA. Let’s dive into what exactly MFA entails.
What is Multi-factor Authentication?
At the most basic level, MFA is an authentication method that requires more than one distinct authentication factor for successful authentication.
The three authentication factors are:
- Something you know (such as a password)
- Something you have (such as a token or cryptographic identification device)
- Something you are (such as biometric authentication for fingerprint scan, retina scan, facial recognition, etc.)
Essentially, authentication requires proof that users are who they say they are. MFA takes it a step further by requiring users to provide proof from two or more authentication factors before access is granted.
MFA reduces the risk of security breaches from occurring and helps keep data and credentials safe by adding barriers that stop bad actors in their tracks. Even if credentials are compromised, it is extremely rare that a hacker also has a second or third authentication factor.
MFA protects against phishing, social engineering and password brute force attacks.
Benefits of MFA
As mentioned before, training your users is essential but adding MFA is one of the most effective technical controls of layered security. Here are several key benefits that MFA offers:
- Decreases risk from compromised credentials – since passwords may be the least secure form of authentication, MFA offers an additional factor to protect them.
- Improves security – According to Microsoft, MFA can prevent 99.9% of attacks on your accounts.
- Promotes regulatory compliance – certain industry and geographical regulations require MFA, including the Payment Card Industry Data Security Standard (PCI-DSS) and the Health Insurance Portability and Accountability Act (HIPAA).
- Increases productivity through compatibility with Single Sign-On (SSO) – MFA can be integrated with SSO and embedded into applications. Users no longer need to create numerous unique passwords. Along with SSO, MFA reduces friction between applications and systems while verifying the user’s identity, saving time, resources, and ultimately increasing productivity.
By now, you can see just how beneficial MFA can be for your organization. With minimal investment, you can start protecting your data assets and adding preventive measures against the most prevalent attacks. Deploy MFA and add to your defense-in-depth security approach today. And, for greater visibility into your defense-in-depth security controls, implement the Reciprocity® ROAR Platform. With Reciprocity ROAR, you can connect your cloud hosting providers and collect evidence any time to ensure that MFA is enabled.
Why not give it a try? Register for a FREE live demo to see ROAR in action.