If you happen to be a fan of the classic story The Wizard of Oz, you are likely familiar with the relationship between Dorothy and the ruby slippers. After going on a long and harrowing journey wearing them, they turned out to be the key to returning home. The answer was with her the whole time, and yet she couldn’t see it.
The cyber-security world is quickly realizing that they have been wearing their own kind of ruby slippers and are just coming around to appreciating their importance. In this case, the allegorical ruby slippers take the form of multi-factor authentication (MFA). MFA has been around for decades, but only now are the big players taking advantage of what it brings to the cyber-security table.
MFA is simply a security login protocol that requires more than one positive identifier to grant access to any secure network or platform. The most common single factor in practice is a username/password requirement. Multi-factor comes into play when one more layer of authentication is required beyond that. Generally, MFA is a combination of any of the following factors:
a) Something you know – Password or security answer such as mother’s maiden name or Grade 1 homeroom teacher’s name.
b) Something you have – Most commonly, a device such as a smartphone or a computer with a recognized IP address but can also be a credit card or hardware token.
c) Something you are – a more advanced biometric layer involving either a finger-print, voice-print, and sometimes even the sci-fi classic, retinal scan.
If you are part of an organization that uses a single-factor authentication to protect your critical enterprise data as well as your customer’s information, here are just three reasons why MFA is a no-brainer.
Reason #1 – The potential risk has never been higher
Cybercrime is sharply on the rise, and there is no sign of it slowing down anytime soon. According to Risk Based Security’s 2019 “Data Breach QuickView Report, “ 15.1 billion records were stolen in 2019 alone. The World Economic Forum estimated that the total cost of cyberattacks to the business community would reach $8 trillion over the next five years. The growth is so significant; it has been estimated that cybercrime has eclipsed the illegal drug trade in terms of sheer volume.
And yet, despite the growing threat, both organizations and individuals have been somewhat lackadaisical regarding login security. Verizon 2018 Data Breach Investigations Report (DBIR) found 81% of confirmed breaches are due to weak, reused or stolen passwords.
Just how weak are these passwords? Keeper Security analyzed more than 10 million compromised accounts and found that more than half were using the same 25 passwords. Even worse, a full 17 percent used 123456 as a password.
The barbarians won’t stop trying to crash the gate, so we all need to reinforce it as best we can.
Reason #2 – Bang for your buck
This is where I would typically point out a statistic that shows you how low the success rate is when trying to hack MFA logins. But here’s the problem – MFA is so successful in keeping out bad actors, Google doesn’t have statistics to show how ineffective it is.
Microsoft Group Program Manager for Identity Security and Protection, Alex Weinert, did have one statistic he could draw upon. “Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA.”
Not only is it incredibly useful, but it is also equally cost-efficient. The precise cost will vary depending on what solution you deploy; however, it will still be the most cost-effective approach you can take. And when you consider how effective it is, you can start to see why I use the term ’no-brainer.’
Reason #3 – It is portable
Yes, all organizations need a strong firewall for their network to protect themselves against cybercriminals. However, firewalls alone may not do the trick. They are highly effective when the user is on-site, but what about when they are travelling and logging in remotely?
The beauty of MFA is that it is effective, regardless of where the user may be. It can be used wherever they are at a hotel, working from home, or enjoying a pumpkin-spiced beverage in a café.
Alongside portability goes ease of use and maintenance. With MFA, you set it up once, and you’re done. Firewalls, on the other hand, require a lot of maintenance and upgrades for their entire lifecycle.
Clear the last remaining obstacle
Given the surge in cybercrime, it makes one wonder why every organization is not deploying it. The answer, in many cases, is a lack of awareness and expertise. Many organizations simply don’t know how to go about implementing it for their organization.
Don’t let this hold you back from deploying the most affordable and effective means protecting your organization from cybercriminals. Give me a shout anytime if you would like to discuss how MFA can help protect your organization.