Given how rapidly the cybersecurity landscape evolves, businesses need to constantly improve their security measures to stay protected. The Center for Internet Security espouses an "offense informs defense" approach: prioritizing the building of defenses based on what threat actors are doing. Included in this prioritization is enforcing multifactor authentication (MFA).
What is MFA?
MFA is a security system that allows account access only after users have provided two or more pieces of evidence to prove their identity. Examples of such proof include:
- Something you know – password, passcode, answer to a security question
- Something you have – token, smart card, one-time PIN sent via an authentication app
- Something you are – fingerprint or iris scan
If you've used an ATM, then you've already seen MFA in action. You're required to insert your debit card (i.e., something you have) into the machine and then input your PIN code (i.e., something you know) before you can access your bank account.
Why should my company implement MFA?
There are many reasons why security experts recommend enforcing MFA.
Users have poor password habits
Memorizing five passwords can be difficult, let alone 100, which is the number of passwords an average user today manages. This password overload is perhaps why people tend to have weak password practices. Instead of using complex passwords, they opt for easy-to-remember but easy-to-crack ones, such as “123456”, “123456789” and “picture1”. Some people also store their passwords in easily accessible places like a note posted on their computer.
Furthermore, reusing passwords is a common practice. In fact, Balbix’s 2020 State of Password Use Report found that:
- Almost all respondents repeat passwords across work accounts and/or between work and personal accounts.
- The same password is used across 2.7 accounts on average.
- The average user has 7.5 passwords repeated between personal and work accounts.
While some respondents do not reuse passwords, 68% of them only slightly change their old passwords to generate new ones, with 32% merely replacing letters with symbols or numbers.
Passwords are easily stolen
According to Verizon’s 2021 Data Breach Investigations Report, credentials are the most sought-after data type, even surpassing personal data like Social Security numbers and insurance-related information. Cybercriminals steal credentials using different methods, such as:
- Keylogging – secretly recording keys struck on a keyboard
- Phishing – tricking users into giving up sensitive information
- Pharming – installing malicious code onto a machine, which redirects users to a fake website where they enter sensitive information
Unfortunately, anyone can fall victim to these attacks: not just unsuspecting individuals, but also giant corporations that people entrust their data to. Alarmingly, the From Exposure to Takeover report found that there are more than 15 billion stolen account logins from 100,000 breaches available on the dark web.
MFA prevents account hacks
According to IBM’s Cost of a Data Breach Report 2021, compromised credentials were the most common cause of breaches. Fortunately, enforcing MFA can help defend against stolen credentials. This is because even if a cybercriminal manages to steal your password, they still need one or more additional authentication factors to breach your account. Hacking an MFA-protected account is so difficult that cybercriminals often just move on to a more vulnerable target.
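The point above, that a stolen password alone does not open an MFA-protected account, shown as an added example (not code from the original article or from SpectrumWise). It assumes the second factor is an RFC 6238 time-based one-time code from an authenticator app; the account record, function names and sample values are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per one-time-code window (RFC 6238 default)

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code for a time-window counter (RFC 6238 over RFC 4226, HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def enroll(password: str, salt: bytes, totp_secret: bytes) -> dict:
    """Hypothetical account record: only the password hash is stored."""
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret, "last_counter": -1}

def login(account: dict, password: str, code: str, now: float) -> bool:
    # Factor 1, something you know: constant-time comparison of password hashes.
    knows = hmac.compare_digest(hash_password(password, account["salt"]),
                                account["pw_hash"])
    # Factor 2, something you have: the code for the current window, or the
    # previous one to tolerate clock drift on the user's device.
    current = int(now) // STEP
    used = None
    for counter in (current, current - 1):
        expected = totp(account["totp_secret"], counter).encode()
        fresh = counter > account["last_counter"]  # each code is accepted once
        if fresh and hmac.compare_digest(expected, code.encode()):
            used = counter
            break
    if knows and used is not None:
        account["last_counter"] = used  # blocks replay of an observed code
        return True
    return False

if __name__ == "__main__":
    # Constructed sample values; the TOTP secret is the RFC 6238 test key.
    acct = enroll("correct horse", b"constructed-salt", b"12345678901234567890")
    code = totp(acct["totp_secret"], 59 // STEP)
    print("stolen password, no code:", login(acct, "correct horse", "000000", 59))
    print("password plus code:      ", login(acct, "correct horse", code, 59))
    print("same code replayed:      ", login(acct, "correct horse", code, 59))
```

The replay check matters because a one-time code captured by a phishing page stays valid for its whole time window unless the server remembers that it was already used.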
The IT security experts of SpectrumWise can help you implement MFA and other cybersecurity solutions. With us at your side, you can rest easy knowing that your business will remain protected. Schedule a consultation with us today.