Discover the Biggest Step to Preventing 99.9 Percent of Cyberattacks
Microsoft cloud services encounter over 300 million fraudulent sign-in attempts daily. This figure is a pointer to the many cyberattacks that happen daily on various other systems globally. Cybercriminals are constantly working to improve their attack methods, even without the use of advanced technology. This tells you that hacking of business systems is not going away any time soon, and cybersecurity should be a priority in your business.
Research shows that most data breaches (81%) are due to weak or stolen passwords. 61% of the attacks target businesses with fewer than 1,000 employees. Most employees don’t intentionally try to compromise company security, but their password practices are wanting. The worst habit is using one password across multiple accounts. An often-quoted Microsoft Research study shows that the average user has 6.5 passwords, each used across approximately four accounts. Users also create highly simplified passwords that put network resources at a higher risk of a security breach. Employee education and training go a long way in reducing the attacks, but this is not enough.
How Do Hackers Steal Credentials?
Passwords are often the only obstacles that hackers face to accessing business systems. As such, they have devised means to lift them whenever they can, including:
- Phishing or spear-phishing: using email to trick users into entering credentials into web forms or pages. The email looks like it’s coming from a reputable person your company has a business relationship with. Sometimes it is targeted at a specific individual thought to hold broad privileges across systems.
- Brute force: criminals try commonly used passwords until they find one that works. They usually have written automated scripts to work around simple protections like a limit on authentication attempts within a given time frame. If your business is without multi-factor authentication, all the hackers need is a single username and password combination to access your system. This approach works easily for accounts with shared passwords.
- Wi-Fi access: criminals sit in a crowded place and pretend to be a genuine Wi-Fi hotspot. When you connect to the Wi-Fi, the criminal observes network traffic and the keystrokes you use while connected. It becomes easy for them to get hold of your bank account and credit credentials and even access your company networks. Once they have these details, they use them to access systems, install ransomware, steal data, and collect even more credentials to unlock other systems.
The Most Crucial Step to Protect Your Business
Fortunately, there is one crucial step you can take to reverse this trend. It will go a long way in enhancing the security of your systems. Turning on multi-factor authentication (MFA) adds a layer of protection that attackers cannot pass through. Even if they crack the passwords to most of your accounts, they can’t gain access if MFA is enabled.
What Is Multi-Factor Authentication?
MFA is the simplest and most effective way to strengthen your login credentials. After you enter your login details, the system you are logging into requires you to provide more security details. This independent factor is only known to the user and is hard for a cybercriminal to guess. Hence, MFA is a crucial component of a strong identity and access management policy that:
- Makes it hard for hackers to access your accounts and data
- Helps mitigate the risk of poor password use and practices
- Gives employees peace of mind when they know that the systems are secure, hence more productivity and flexibility
- Is fast and easy to implement
- Helps your company stay compliant with specific cybersecurity regulations
One of the most common MFA factors that most systems support is a one-time password (OTP). This is a 4 to 8-digit code you receive through email or SMS. With this type of MFA, the system generates a new code each time an authentication request is submitted.
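The server side of the one-time code described above can be sketched as follows. This is an added example, not code from the article or from any product; the class name `OtpStore`, the 5-minute lifetime and the 3-guess limit are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6          # the article gives a range of 4 to 8 digits
OTP_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3        # assumed guess limit per issued code


class OtpStore:
    """Hypothetical in-memory store holding one pending code per user."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [code, expires_at, attempts_left]

    def issue(self, user):
        """Create a fresh code for this authentication request, replacing any older one."""
        # secrets (not random) gives an unpredictable code.
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user] = [code, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # delivered out of band by email or SMS

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        # A 6-digit code has only 10**6 values, so expiry and a guess limit
        # are what keep it from being brute-forced.
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]
            return False
        entry[2] -= 1
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[user]  # single use: a replayed code fails
            return True
        return False
```
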
MFA authentication methods fall into three main categories:
- Things you know, for example, a PIN, password, or answers to security questions
- An item you have, like a smartphone or badge
- Something you are, for example, voice recognition, retina or facial scan, or fingerprints.
MFA relies on artificial intelligence and machine learning and has, therefore, become more sophisticated. Other categories include:
Location-based MFA identifies your IP address and geo-location. The system can block access to an account if the information doesn’t match what is specified or whitelisted. Location-based MFA can be used as an additional layer of security to other factors like OTP to confirm the user’s identity.
Also known as risk-based authentication, adaptive authentication analyzes additional factors like context and behavior when verifying a user’s identity. The method relies on these values to determine the risk level associated with the login attempt. For example:
- At what time are you trying to access the business network, accounts, or systems? Are these usual business hours or “off-work” hours?
- Where are you trying to access this information from?
- Is the device in use the same one you use all the time?
- Is the connection via a public or private network?
The systems calculate the risk level based on the answers to these questions. They can quickly determine whether to grant access permission or prompt for additional authentication.
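The risk calculation described above can be illustrated with a small scoring function over the four questions in the list. This is an added example, not code from the article or from any vendor; the weights, the threshold, the profile fields and the sample logins are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Assumed weights and threshold; real systems tune these from observed behavior.
WEIGHTS = {"off_hours": 20, "new_location": 35, "new_device": 30, "public_network": 15}
STEP_UP_THRESHOLD = 30


@dataclass
class UserProfile:  # hypothetical baseline built from past logins
    work_hours: range = range(8, 18)
    usual_countries: set = field(default_factory=lambda: {"US"})
    known_devices: set = field(default_factory=set)


@dataclass
class LoginAttempt:
    when: datetime
    country: str
    device_id: str
    public_network: bool


def assess(profile, attempt):
    """Return (score, decision, reasons) for one login attempt."""
    signals = {
        "off_hours": attempt.when.hour not in profile.work_hours,
        "new_location": attempt.country not in profile.usual_countries,
        "new_device": attempt.device_id not in profile.known_devices,
        "public_network": attempt.public_network,
    }
    reasons = [name for name, hit in signals.items() if hit]
    score = sum(WEIGHTS[name] for name in reasons)
    # Low risk: grant access. Otherwise: prompt for additional authentication.
    decision = "step_up" if score >= STEP_UP_THRESHOLD else "allow"
    return score, decision, reasons


# Constructed sample data.
ALICE = UserProfile(known_devices={"laptop-01"})
ROUTINE = LoginAttempt(datetime(2024, 3, 4, 10, 15), "US", "laptop-01", False)
LATE_AT_HOME = LoginAttempt(datetime(2024, 3, 4, 23, 40), "US", "laptop-01", False)
LATE_AT_CAFE = LoginAttempt(datetime(2024, 3, 4, 23, 40), "US", "laptop-01", True)
UNFAMILIAR = LoginAttempt(datetime(2024, 3, 4, 11, 0), "BR", "phone-77", False)
```

With these assumed weights a single weak signal, such as a late login from a known device, is still allowed, while two weak signals together or one strong signal trigger the extra prompt.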
The Future of MFA
It is now possible for companies to remove passwords from their cybersecurity equation. Industry protocols like CTAP2 and WebAuthn, both under the FIDO2 Alliance, have made this possible. The consortium was ratified in 2018 to make passwordless MFA possible and available to users. The standards ensure login credentials are well-protected for the security of the entire chain.
It is not advisable to rely on password protection alone, considering the magnitude of losses due to a typical breach. The FIDO standards define a way for online services to use MFA and provide passwordless options. These range from biometrics to security keys, among other mobile-device-based solutions. The use of biometrics is more mainstream as it’s a well-known technology to most users. Passwordless authentication offers a high level of convenience and also makes unauthorized access costlier and more difficult for hackers.
As technology advances, so do the approaches to cybersecurity. For a long time, having strong passwords has been the best way to protect your accounts from external attacks. Hackers have now devised better ways to steal login credentials, and passwords are no longer safe.
Luckily, multi-factor authentication steps in to seal the gaps. It provides an additional layer of security. If well implemented, it can work without passwords. If this is a technology you’d like to implement to enhance the security of your systems, talk to an expert. Call us today, and let us discuss a cybersecurity approach that will better protect your business environments.