Hardly a week goes by without a news story of another company’s data being hacked by cybercriminals. And the consequences have been severe, with the identities of millions of customers put at risk, vast sums of money stolen, and with the tarnishing of some of the world’s most respected brands.
It is estimated that in 2020 cybercrime cost the global economy more than $1 trillion. This amounts to over one percent of global gross domestic product (GDP)—half again as much as it cost as recently as 2018.¹ And the trend is expected to continue.
Staggering as those facts are, they say nothing of the untold story: the massive investment in time and money needed to recover from these business disruptions; the loss of consumer trust; the blow to productivity; and the cost to fortify IT systems against another attack.
For this reason and many others, companies are increasingly using multifactor authentication (MFA) to enhance the traditional method of verifying employee credentials.
This blog article will explain what MFA is, demonstrate its importance to businesses large and small, and explain why Stability Networks is implementing this highly effective technology for our customers.
How hackers misuse usernames
As increasingly more business (and life) gets conducted online, as more and more bank accounts and precious personal data sit behind a simple series of keystrokes, the trusty username and password are proving inadequate.
Because they often consist of an email address, or a portion thereof, usernames are astonishingly easy for hackers to grab. That’s step one in a relatively easy two-step dance that lets hackers waltz in, have their way with your entire IT system, and destroy your business continuity.
The problem with passwords
Passwords, and even passphrases, cause problems whether they are simple or complex. Complex strings of letters, numbers, and symbols can be difficult for users to remember. So, what happens? Passwords are often dumbed down, written down, reused between accounts, or made up based on personal information.
Even the most confident CIO should be terrified when Larry in the Finance Department decides to protect his company’s sacred chart of accounts with “1234password.”
Once they have a username, there are many ways hackers can steal passwords: spear phishing, brute force attacks, web application attacks, and even hardware theft. Perpetrators can then use those credentials to log in to applications and business systems, bypass other access controls, and wreak serious havoc.
No wonder stolen login credentials have become the favorite M.O. of hackers to achieve data breaches.²
Solution: Multifactor Authentication (MFA)
Multifactor authentication improves IT security by introducing other methods to verify a user’s identity beyond a simple username and password. Multifactor authentication is the first step a business can take in implementing the Zero Trust mindset of “never trust, always verify.” Authentication factors fall into three categories:
- Something you know, such as a password or PIN
- Something you have, such as a token or smartcard
- Something you are—your face, fingerprints, voice, even your eyeballs
The attraction of MFA is that it does an excellent job of protecting IT systems by adding to (not replacing) the user name/password scheme to which people are accustomed.
Multifactor authentication makes life harder for cybercriminals because it requires additional information that they cannot guess, derive, or fake.
If you shop or bank online, you may already have experienced MFA in action when you are sent a text asking to verify your identity after entering your username and password. You might be asked to have your fingerprint scanned as the second factor in more high-risk situations.
What makes this method so effective
Earlier, we stated how relatively easy it is for hackers to obtain usernames and passwords. MFA makes life substantially harder for attackers because it requires authentication using information that they cannot guess, derive, or fake, such as a token or a fingerprint. While “fake finger” attacks using lifted fingerprints have been known to occur, the chances of criminals possessing two distinctly different types of identity factors at once are still very slim.
This is why MFA is so good at thwarting cybercrime and why Microsoft claims it can block over 99.9% of account compromise attacks.³
The technology behind multifactor authentication
MFA is enforced through Conditional Access (CA). CA is a logic-based technology that can be programmed to classify a user’s authentication attempt and perform an action based on multiple variables. For example, CA can block all connection attempts that come from outside of the United States.
In situations requiring even greater security, adaptive MFA can be used. Adaptive MFA weighs factors such as geolocation, user risk, or the location of the last login attempt compared with the current authentication request. For example, it might flag login attempts made from a coffee shop using open wireless, from an unknown or new device, or across unrealistic travel distances, any of which can be configured to prompt the user for MFA.
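The decision logic described in the two paragraphs above, as an added example (not code from the original article, and not Microsoft's Conditional Access API). The `SignIn` fields, the `evaluate` function, the 900 km/h and 50 km thresholds, and the sample sign-ins are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

ALLOWED_COUNTRIES = {"US"}   # the article's example: block everything outside the US
MAX_PLAUSIBLE_KMH = 900.0    # assumed threshold, roughly airliner cruising speed

@dataclass
class SignIn:
    when: datetime
    country: str
    lat: float
    lon: float
    device_id: str
    trusted_network: bool

def km_between(a, b):
    """Great-circle (haversine) distance in km between two sign-in locations."""
    la1, lo1, la2, lo2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def evaluate(attempt, last, known_devices):
    """Return (decision, reasons): 'block', 'require_mfa' or 'allow'."""
    if attempt.country not in ALLOWED_COUNTRIES:
        return "block", ["country_not_allowed"]
    reasons = []
    if attempt.device_id not in known_devices:
        reasons.append("new_device")
    if not attempt.trusted_network:
        reasons.append("untrusted_network")
    if last is not None:
        hours = (attempt.when - last.when).total_seconds() / 3600
        dist = km_between(last, attempt)
        # Ignore short hops (geolocation jitter); flag speeds no traveller could reach.
        if dist > 50 and (hours <= 0 or dist / hours > MAX_PLAUSIBLE_KMH):
            reasons.append("impossible_travel")
    return ("require_mfa" if reasons else "allow"), reasons

# Constructed sample sign-ins (not real data).
T0 = datetime(2021, 3, 1, 9, 0)
OFFICE = SignIn(T0, "US", 43.615, -116.202, "laptop-1", True)            # Boise
CAFE = SignIn(T0 + timedelta(hours=2), "US", 43.615, -116.202, "laptop-1", False)
FAR = SignIn(T0 + timedelta(hours=1), "US", 40.713, -74.006, "laptop-1", True)  # New York
ABROAD = SignIn(T0 + timedelta(hours=3), "FR", 48.857, 2.352, "laptop-1", True)

if __name__ == "__main__":
    for name, s in [("cafe", CAFE), ("far", FAR), ("abroad", ABROAD)]:
        print(name, evaluate(s, OFFICE, {"laptop-1"}))
```

The country rule is checked first and blocks outright, while the adaptive signals only step the user up to MFA; a real policy engine would also log the reasons so that repeated step-ups can be reviewed.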
Other benefits of MFA
Along with the immediate improvements to your organization’s security discussed earlier, multifactor authentication brings several other benefits:
Each authentication factor offers different options, giving companies the ability to tailor the user experience to meet their needs. Two or even three factors can be used, depending on the level of security required and what hardware is available.
MFA helps meet the enhanced security demands of highly regulated segments such as healthcare (HIPAA), payment processing (PCI), government (NIST), and other industries.
Single sign-on efficiency
MFA works efficiently with a single sign-on (SSO) approach. SSO saves time and improves productivity by enabling employees to access many different applications after signing in once. It also eliminates the need to create multiple passwords or make the risky choice of reusing the same password.
Companies are increasingly allowing employees to work from home. MFA helps workers easily and securely access the resources they need using mobile devices, especially when integrated with a single sign-on approach.
Preparing for MFA
Implementing multifactor authentication can range from the complex to the surprisingly simple. At the extreme end, it could involve detailed changes to sign-on procedures and the addition of biometric scanners or common access cards (CAC). Or the implementation of MFA could be as easy as making a few simple changes to employees’ smartphones. It all depends on the nature of your business and the potential risks of a data breach. In any case, given the realities of cybercrime today, the benefits are well worth the effort.
Stability Networks is here to help
Security is crucial to your organization’s business continuity. Stability Networks has mandated multifactor authentication across our entire client base.
Reach out to us if you’d like to learn more about how we can help you use this and other innovative approaches to secure your business. Call (208) 344-0050 x2, or email us at firstname.lastname@example.org.
¹ Smith, Zhanna Malekos, et al. The Hidden Costs of Cybercrime. McAfee, 2020.
² 2020 Verizon Data Breach Investigations Report.
³ Maynes, Melanie. One Simple Action You Can Take to Prevent 99.9 Percent of Attacks On Your Accounts. https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/ August 20, 2019.