Password-based attacks are one of the most common tools in the hackers’ toolkit, with about 81% of company data breaches directly attributable to an exploited password or network credential.
These attacks are so popular because they’re simple and effective. Instead of using advanced strategies, such as SQL injection or cross-site scripting (XSS), hackers who want to access your data through phishing can simply send some emails and hope your staff hand over their network credentials.
That’s why the LNS solutions team secures all its clients’ devices with what’s known as multi-factor authentication (MFA). This article is designed to help businesses in the Tampa area understand why we’re so insistent on using MFA and how it helps stop a wide variety of common attacks.
MFA is a way of controlling access to your network that goes beyond requiring a simple password to log in. By requiring another type of proof (or “factor”) to gain access to your systems and data, MFA provides a dramatically higher level of endpoint security than passwords alone.
There are several types of multi-factor authentication, including the following:
MFA helps businesses stay safe by blunting the impact of the most common forms of cyberattack, including two of the most prevalent cyber threats, phishing and ransomware.
Half of all cybersecurity leaders feel that phishing is a serious threat, with network credentials being the goal of most such attacks. In the simplest form, phishing tricks employees into clicking on a link that gives hackers access to their computer, which they can then use to infiltrate connected systems.
MFA helps prevent phishing by forcing hackers who have stolen a password (or purchased one on the dark web) to get through yet another security door. In fact, according to Microsoft, MFA could prevent over 99.9% of account-based cyberattacks.
MFA cannot stop ransomware entirely, but it’s a powerful tool that can make a critical difference in many scenarios. Besides the direct benefit of scaring hackers from your network with MFA, alerts from an MFA authentication app can also give a hacked end user critical warning they’ve been compromised, allowing your cybersecurity team (or partner) to take mitigating steps before things spin out of control.
Small Businesses Remain Wary of MFA Adoption
According to one recent study, over two-thirds of smaller organizations have not implemented MFA yet. Why are businesses, who are relatively undefended, so resistant to a simple, cost-effective security approach that’s so effective?
We’ve found that resistance to MFA breaks down into a few different camps.
Unfortunately, MFA alone isn’t enough to guarantee strong network security. Hackers are highly adaptable and have found ways to bypass some of the protections that MFA provides, though the methods for doing so require a lot more skill and insight than it takes to launch a standard phishing attack.
For example, “Man in the Middle” attacks work by temporarily assigning the cell phone number of an employee to another cell phone. This is called “spoofing.” Spoofing allows hackers to intercept the SMS messages that verify a user, disrupting the second MFA factor and gaining access to your systems.
Another thing to watch out for is simple “MFA fatigue” or “MFA spamming.” By overloading a user with MFA prompts and notifications, hackers hope that the user will eventually, out of frustration, accept the login attempt just to stop the notifications from coming.
That’s exactly what happened in a recent hack at Cisco. If a major technology company is vulnerable to such an attack, it makes sense that small- and midsized businesses in Tampa should be vigilant as well.
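One way a security team can spot the MFA fatigue pattern described above is to look for a burst of denied or timed-out push prompts followed by an approval. The following is an added example, not part of the original article or any LNS tooling; the log format, field names, and thresholds are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, not from a real product).
SAMPLE_LOG = """\
2024-05-01T09:00:02Z user=bob mfa_push result=approved
2024-05-01T02:14:05Z user=alice mfa_push result=denied
2024-05-01T02:14:40Z user=alice mfa_push result=denied
2024-05-01T02:15:30Z user=alice mfa_push result=timeout
2024-05-01T02:16:10Z user=alice mfa_push result=denied
2024-05-01T02:17:45Z user=alice mfa_push result=denied
2024-05-01T02:18:20Z user=alice mfa_push result=approved
2024-05-01T08:00:00Z user=carol mfa_push result=denied
2024-05-01T09:30:00Z user=carol mfa_push result=denied
2024-05-01T09:30:30Z user=carol mfa_push result=approved
"""

def parse(line):
    """Split one log line into (timestamp, user, result)."""
    ts, user, _, result = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            user.split("=", 1)[1], result.split("=", 1)[1])

def detect_push_fatigue(log_text, window=timedelta(minutes=10), threshold=4):
    """Flag users with >= threshold unapproved pushes inside `window`.
    approved_after_burst=True means the user gave in: escalate that account."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)  # user -> timestamps of recent denied/timeout pushes
    findings = {}
    for ts, user, result in events:
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold:
                f = findings.setdefault(
                    user, {"max_burst": 0, "approved_after_burst": False})
                f["max_burst"] = max(f["max_burst"], len(q))
        elif result == "approved":
            if len(q) >= threshold:
                findings[user]["approved_after_burst"] = True
            q.clear()  # a successful login resets the burst counter
    return findings

if __name__ == "__main__":
    for user, info in detect_push_fatigue(SAMPLE_LOG).items():
        print(user, info)
```

In this sample, only alice is flagged: carol's two denials are more than an hour apart, so they never form a burst.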
Here’s what you can do to ensure your MFA provides a consistent, strong defense.
Focus on Your Overall Cybersecurity Posture
Perhaps the most critical thing you can do to ensure your MFA deployment is a success is to ensure that you’re applying cybersecurity best practices to the other aspects of your network. If there are other weak spots in your defenses, such as poor password management or data hygiene, then hacking MFA becomes much easier.
There’s a new generation of “phishing-resistant MFA” that goes beyond the SMS message, other one-time passwords (OTP), and app-based push notifications. Based on new authentication technologies, like FIDO or the Federal Government’s Personal Identity Verification (PIV), this type of MFA uses strong cryptography, device registration, and advanced biometrics to eliminate the weak links in the standard MFA process.
Phishing-resistant MFA is a newer technology that large tech companies like Google and Microsoft have adopted, but you can be sure that as it matures, it’ll find its way into small business networks.
For over two decades, the LNS Solutions team has helped companies in the Tampa area stabilize their networks and protect their sensitive data and assets. If you have cybersecurity questions, we encourage you to reach out to our team any time at (813) 393-1626 or info@LNSSolutions.com.