Mitnick Security Blog - Cybersecurity News and Articles

5 Reasons to Enable Company-Wide Multi-Factor Authentication

Written by Mitnick Security | Jul 2, 2021 9:39:46 PM

Are you only using multi-factor authentication (MFA) because you've been told over and over that you need to? If you are, you’re not alone. Many organizations adopt an MFA policy to be more secure, yet are still unsure as to how it works and why their company needs it so badly.

Since modern-day tools make it easier than ever to crack a password, multi-factor authentication assumes that a password alone isn’t enough. Instead, MFA requires a user to provide two or more factors for verification for enhanced security.

But is it necessary to jump through all these hoops to gain user access? We think so, and here are five important reasons your org could benefit from MFA:

 

1. Weak or stolen user credentials are a point of entry for attackers.

According to the Google / Harris Poll, 66% of respondents admitted to using the same password for multiple accounts. How many times have you reused the same password at work?

The same poll found that 59% of adults use either a birthday or name in their passwords. Guess what the first thing crafty social engineers dig up online about you is? You guessed it: your birthday and names of friends/family/pets.

Worse still, at least 24% of respondents in the survey indicated that they used common passwords such as “123456,” “Password,” or “Admin.” It's clear from these responses that many employees are using extremely weak passwords.

These weak passwords are often the result of a thing called password fatigue. People become tired and frustrated with having to remember so many passwords that they simply choose the path of least resistance— easy or recycled passwords. 

Unfortunately, hackers are capitalizing on the lax approach to passwords taken by many users today. Easily accessible password cracking programs allow malicious actors to try multiple variations of passwords at one time. For example, an 8-character password can be cracked in less than three hours using a password cracking rig and software, regardless of complexity. 

Verizon's 2017 Data Breach Investigations Report found that 81% of breaches occurred thanks to weak or stolen passwords, so MFA is truly a necessary layer of added security.

 

2. Social engineering is the most popular method of cyber breach.

Using password guessing software isn't the only way hackers steal passwords today. Social engineering is a prevalent technique used by cybercriminals to gain unauthorized entry. The most common form of social engineering, phishing (the act of sending a fraudulent email in an attempt to steal credentials), has a very high success rate for bad actors.

According to the FBI's Internet Crime Report, phishing was the most common type of cybercrime in 2020, and phishing incidents almost doubled in frequency. The same report states that there were 241,342 victims of phishing, vishing, smishing, and pharming in 2020— and those were just the ones who reported it!

Don’t believe us? Watch Kevin reveal how easy it is to crack a password using social engineering and open source intelligence... 

 

 

3. MFA could help your org meet compliance.

As if protecting your organization's assets wasn't enough of a reason to implement MFA, meeting compliance requirements is yet another reason to implement this added security measure. Many industries, including Finance and Healthcare, have to meet specific regulatory compliance requirements. 

For example, any company that stores or even processes payment card information must be Payment Card Industry Data Security Standard (PCI-DSS) compliant. PCI-DSS requires multi-factor authentication to be in place for compliance. 

Implementing multi-factor authentication can also help meet other compliance requirements, including those for the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX) Act, and the Gramm-Leach-Bliley Act (GLBA). While some do not explicitly call out the requirement to use multi-factor authentication, they do put a very high value on protecting data, making MFA a no-brainer and automatic benefit to any security program.

 

4. MFA can simplify the login process for your team. 

It can be difficult for people to remember passwords for every account or website they need to access. To prevent forgetting their passwords, many people will choose a very easy password, reuse old passwords, or even write them down on a sticky note on their desk— all of which create a security risk. 

On the other hand, those who choose security and create complex passwords may forget their password, making it difficult to access necessary resources. 

The good news is, multi-factor authentication can help to simplify the login process. Users can store complex passwords in a password vault that utilizes multi-factor authentication and logs into websites for them. Not only will it save your users time, but it will also keep them safer online.

5. MFA deters bad actors when scouting out their next target.

It is more likely that attackers will go for the “low-hanging fruit,” and boy are weak passwords easy for hackers to grab.

While MFA can't prevent all cyber attacks, it adds a layer of difficulty to those trying to gain illegal access. To hackers, time is money. During their reconnaissance, hackers will likely go after organizations where MFA isn't present, as it will take less time to gain unauthorized entry.

Enabling MFA wherever possible is a simple step that adds an additional layer of protection to your organization and benefits your overall security posture.

 

MFA is Great, But it’s Not the Security End-All-Be-All

Strong password hygiene and MFA are only one part of your org’s overall security equation. There are a number of other attack vectors used by bad actors every day.

Download our 5-½ Steps Guide to Avoid Cyber Threats for a few high-level, yet highly actionable ways to improve your cybersecurity initiative.