Why Enterprises Should Rush to Adopt Multi-factor Authentication

By Dr. Sid Pothbhare - October 16, 2020

Phishing attacks, social engineering, database breaches, cyber-attacks: all terms that have found their way into our daily lives. If the incessant news of the past decade has shown any trend, it is that no organization is immune to attacks on its data. And a lot of this evidence points to a single point of failure: passwords.

Imagine you are an IT manager for 500 employees who were all working out of your office earlier this year. When working at the office, there might have been a parking gate to pass through, a lobby with a security guard, a turnstile to swipe in at, and maybe another door to swipe past before employees got to their workstations.

There are probably a few other security measures like CCTV cameras and even security-conscious colleagues to help keep cybersecurity hygiene strong. But when it comes to data access, many organizations still depend on their employees using simple passwords to access their digital assets.

This cavalier attitude towards computer security is one of the largest threat vectors for any organization but, interestingly, the easiest to solve using multi-factor authentication (MFA).

Though MFA has been available for years, its popularity (and necessity) has skyrocketed with the pandemic. MFA means you need two or more pieces of authentication rather than just your username and password combo (e.g. your smartphone, hardware token, or biometric signature).

With the significant increase in remote workforce numbers, it is essential that enterprises have defense mechanisms in place to tackle the new situation. What security staff thought was a vulnerable cybersecurity infrastructure a year ago is exponentially worse today. The point of MFA is to add layers of security in case one layer (the password) is breached.

What if you don’t use MFA?

The first problem with not using MFA is that the potential damage from minor problems becomes major – think of how many employees are being cavalier or downright negligent with their password security duties.

MFA is like requiring two forms of ID rather than one so that even if a criminal forged one form of ID, it would be very difficult (and cost-prohibitive) to forge two or more. People aren’t in the office under watch, and admins can’t trust people while they’re at home or at their local coffee shop, so the only alternative is to enforce automated security, including MFA.

People will share passwords

Sharing passwords does not involve a daring criminal; it is simply one user willingly sharing their credentials with another person. The risk is that the person who receives the password can be careless and write it down or reshare it. This is where the big risk of sharing passwords lies, because the password can then fall into a criminal’s hands.

MFA helps combat the risk of users sharing passwords. If the user has a text-message OTP set up as a second factor, then another user who logs in with the shared password will also need the OTP, which can only be obtained through the original owner’s phone, preventing the second user from logging in.

Reusing the same password

Reusing passwords leaves accounts vulnerable to credential stuffing attacks. If a cybercriminal is able to crack your email login and you use the same username and password for other accounts, then you have just done the cybercriminal’s job for them.

If you have MFA in place, then even with 100 compromised passwords, the criminal will require 100 second factors. How can admins trust users who have an inherent interest in productivity (but not directly security) to choose longer passwords that are more prone to typing mistakes? They can’t.

Increased susceptibility to phishing attacks

MFA can help combat most phishing attacks since even if the malicious actor were to gain knowledge of a victim’s username and password (factor 1), they would still need the victim’s second or even third factor to gain access.

If a user receives a malicious email asking them to log in to a supposed banking site, falls for the trick, and gives up their login information, MFA will still guard against unauthorized access because the attacker still needs the next factor (which can’t be stolen through the phishing form).

MFA options for enterprises

SMS text messaging is one of the most popular forms of MFA since most people have a smartphone and are used to texting, but this method is also one of the most susceptible to cyber-attacks. Spoofing attacks have proven effective at intercepting text messages since texting was not built with security in mind.

Hardware and software tokens are a strong choice for MFA since hackers would have to physically steal these devices (reducing the attack surface drastically). Some tokens require the user to plug them into a USB port, others require reading the OTP off the token’s LCD screen, and some are automatic. Software tokens are digital versions of tokens stored on devices such as the user’s smartphone.

Biometrics in the form of fingerprint, retina, facial, vein, and even behavioral biometrics are another popular option to use as an additional factor. The problem with biometrics is that immutability comes into play if the biometric data is ever compromised (one cannot make a new fingerprint or face once stolen).

There are multiple methods attackers use to try to steal biometric information, even scanning Facebook profile pictures to steal facial biometric data.

Summary

Multi-factor Authentication is the need of the hour. When almost all of our work is done on a computer and on websites, it is imperative that organizations enforce policies to protect access to these digital assets.

With the plethora of MFA options available, it is much simpler to choose the one that fits the organization’s needs and workflow. If organizations have to comply with certain standards like HIPAA, CJIS, DFARS, etc., then MFA is a requirement and no longer an option.

Protecting the organization’s data and, more importantly, its customers’ data should be the highest priority of any security architecture. MFA goes a long way towards that goal and must be a fundamental part of any organization’s security plan going forward.

Dr. Sid Pothbhare
Co-founder and CEO of Untethered Labs, creators of the GateKeeper Proximity wireless authentication solution for hospitals, law enforcement, manufacturing, and more. 10+ years of experience in leading cross-functional teams in project management, product development, government R&D, fundraising, and SBIRs. Principal member and Vice President at CoolCAD Electronics LLC, leading R&D programs in various fields including semiconductor research, hardware prototyping, and software development. PhD and MS in Electrical Engineering from the University of Maryland.