The Urgency of MFA: Lessons from the Change Healthcare Cyberattack
Information released from the Change Healthcare ransomware attack in February 2024 reveals the absence of Multi-Factor Authentication on a...
Five Nines Team : Oct 9, 2024 8:00:00 AM
3 min read
Typing in a simple username and password is no longer enough to protect your data in the business technology world, which is why multi-factor authentication is such an important security measure. The cybercrime industry is after our most vulnerable information, and businesses are now forced to fight back with stronger cybersecurity practices.
According to the Verizon Data Breach Investigation Report, 81% of confirmed breaches involve weak, default, or stolen passwords. There are plenty of opportunities available for hackers to take advantage of, as 38% of large organizations and 62% of SMBs do not use any form of multi-factor authentication at work. Implementing multi-factor authentication is something that will benefit both your users and your organization's overall security.
Multi-factor authentication is a security method that adds an additional form of authentication to the login process on a given account.
While it is good to have a strong password, taking extra precautions is always recommended. When using multi-factor authentication, a user is only granted access to an account after completing extra steps to confirm their identity. For example, if you are trying to access your email, instead of only entering your email address and password for access, you may also receive a push notification on your mobile device to confirm that it's actually you. If the information doesn't match up, you don't receive access to the account.
If a hacker attempts to gain access to your account, you should receive a notification of some sort to complete the second step of logging in. If you are not attempting to access your account, and you are alerted by a notification, that is an immediate sign that someone could be trying to hack you. From there, you will have the ability to respond immediately by changing your passwords and contacting your IT provider.
As of just last year, 71% of all data stolen in basic cybersecurity attacks were credentials and those credentials were used in nearly one-quarter of the year's successful breaches. Add to that, 74% of breaches involved a "human element" or mistake, which directly or indirectly led to the compromise of credentials or other data.
Put simply, strong credentials do not necessarily equal unbeatable security, because human error is always at play.
Internal Training and other strong security practices can help defend against human error, but a layered approach should be taken. If credentials can be stolen, their successful reuse can be deterred with methods like MFA. Additionally, MFA is becoming a standard requirement in Cyber Insurance policies and can become a disqualifying factor for coverage if you aren't already using it.
Always choose the most secure MFA method available, options listed in order of security below:
Our security tip is to ensure your accounts are protected with complex, unique passwords, and the best multi-factor option you can reasonably use. There are plenty of multi-factor authentication platforms out there, so it's important to consult your IT team on an option that works best for your business. While you can make multi-factor authentication an optional security setting, many businesses decide to make this extra step required to ensure they are following the strongest security practices.
Information released from the Change Healthcare ransomware attack in February 2024 reveals the absence of Multi-Factor Authentication on a...
You come to work with all systems operational: patients are being checked in. Nurses are filling out charts. Doctors are prescribing medicine....
To view the recording of our Tuesday Tech Talk, click HERE. Cybersecurity incidents continue to make the news. Here is the Five Nines’ take on...