I have three letters for you, M-F-A.
Clients ask us every day, “What’s the first or most important thing we need to do to protect our organization from cyber crime?” Multi-factor authentication (MFA) is THE SINGLE MOST IMPACTFUL step an organization can take towards strengthening security posture.
Business email compromise is the most common attack vector, and MFA makes this attack a LOT more difficult for cyber criminals. Microsoft engineers stated that 99.9% of the account compromise incidents they deal with could have been blocked by a multi-factor authentication (MFA) solution. That’s a LOT of incidents that could have been avoided.
We’ve had 3 organizations call us in the past two weeks, with incidents that could have been prevented had MFA been in place. These are not small incidents. One involved intercepting a financial transaction that was a major, critical investment. Another had an account compromised, and cyber criminals were actively monitoring communications. And the third was an invoicing scam, where the attacker inserted themselves in the conversation to manipulate the accounting department into paying an invoice to the wrong account.
In all three cases, cyber criminals had already breached the email system, likely through credential harvesting, and were watching and waiting for the exact moment to intercept funds. These organizations had no idea their accounts had been compromised, and criminals were poised to pounce. Pillar's forensic investigation helped identify the root cause, and thus the vulnerabilities needing immediate remediation, in all three cases.
Criminals are getting smarter. Their emails look more and more authentic. Their grammar has significantly improved. Their logo copying skills are remarkable, and they are starting to understand business process flows. The fact that they have seemingly unlimited patience and funding is just one more contributing factor as to why they are so successful. It’s truly shocking how sinister these attacks have become.
If you’re still not convinced you need MFA, here are a few more fun facts:
CISA’s first recommendation for “reducing the likelihood of a damaging cyber attack”… MFA
Best way to combat credential theft… MFA
One of the top requirements for cybersecurity renewal… MFA
One of the top compliance requirements… MFA
One of the highest returns on security investment… MFA
If you’re still reading this blog, it may be because you need MFA. And if you’re like most of the organizations that contact us, you need it yesterday. The good news is that there are highly effective MFA tools that are relatively uncomplicated to implement. A Pillar favorite is Thales SafeNet Trusted Access (STA). It’s easy to deploy and has many advanced features (including contextual authentication), and we can quickly get you an implementation strategy and a quote for the tool. There are plenty of other solutions that work as well – Duo, Okta, Silverfort, Auth0 and LastPass.
The bottom line is, if you don’t have MFA, you are opening your door to cyber criminals and inviting them into your organization. MFA is the second padlock on the front door to EVERY system in your environment.
If your organization could use help building a security strategy and roadmap that aligns with your business needs and budget, Pillar is here to help. From tools and engineers to vCISO level support, Pillar can provide the expertise to support your team. Our customized services are trusted within public, private, financial, HIPAA, manufacturing, education and a slew of other sectors. Contact us.