Ramp up your Cyber Protection with Multi Factor Authentication
- Sachdeva, Deepti. Security Boulevard, 2022.
The severity and frequency of ransomware attacks and other cybercrimes have exploded in the last few years. The pandemic’s gift – the ability to work from anywhere – has contributed to the rapid growth of these cyberthreats. Multi-factor authentication (MFA) was made necessary during COVID-19 when businesses were abruptly compelled to adopt a remote work paradigm. Currently, as the use of personal computing devices, particularly smartphones, has increased, the MFA model has also evolved.
According to projections, the MFA market is expected to increase in size from an expected USD 12.9 billion in 2022 to an estimated USD 26.7 billion in 2027, at a Compound Annual Growth Rate (CAGR) of 15.6%. The need for more secure digital payments as well as an increase in threats and breaches are driving the demand for MFA.
This second directive reportedly contained mandates regarding password updates, disabling Microsoft macros, and additional security measures including multi-factor authentication (MFA) and password changes on programmable logic controllers (PLCs). Moreover, it offered pipeline owners and operators the option to suggest alternatives to these measures.
Now TSA, an arm of the Department of Homeland Security (DHS), is reportedly prepared to adjust some of the requirements in the second directive, in particular loosening the incident reporting requirement, which was apparently expanded from 12 to 24 hours on May 29. In addition, an update to the second directive is reportedly scheduled for no later than July 26.
An updated pipeline security directive is underway, reflecting TSA struggles
- Brumfield, Cynthia. CSO, 2022.
MFA Fatigue attacks are putting your organization at risk
- Software, Specops. Bleeping Computer, 2022.
The rapid advancement of technology in all industries has led to the threat of ever-increasing cyberattacks that target businesses, governments, and individuals alike. A common threat targeting businesses is MFA fatigue attacks—a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one.
MFA refers to multi-factor authentication, a layered end-user verification strategy to secure data and applications. For a user to log in, an MFA system needs them to submit various combinations of two or more credentials.
The digital assets market has grown significantly in recent years. Millions of people globally, including 16% of adult Americans, have purchased digital assets—which reached a market capitalization of $3 trillion globally last November. Digital assets present potential opportunities to reinforce U.S. leadership in the global financial system and remain at the technological frontier. But they also pose real risks as evidenced by recent events in crypto markets. The May crash of a so-called stablecoin and the subsequent wave of insolvencies wiped out over $600 billion of investor and consumer funds.
President Biden’s March 9 Executive Order (EO) on Ensuring Responsible Development of Digital Assets outlined the first whole-of-government approach to addressing the risks and harnessing the potential benefits of digital assets and their underlying technology.
FACT SHEET: White House Releases First-Ever Comprehensive Framework for Responsible Development of Digital Assets
- The White House, 2022.
Multi-factor auth fatigue is real – and it's why you may be in the headlines next
- Burt, Jeff. The Register, 2022.
ANALYSIS The September cyberattack on ride-hailing service Uber began when a criminal bought the stolen credentials of a company contractor on the dark web.
The miscreant then repeatedly tried to log into the contractor's Uber account, triggering the two-factor login approval request that the contractor initially denied, blocking access.
However, eventually the contractor accepted one of many push notifications, enabling the attacker to log into the account and get access to Uber's corporate network, systems, and data.
Security attacks taking advantage of multi-factor authentication (MFA) push notification fatigue are increasing because MFA is working, Expel noted in its latest Quarterly Threat Report.
The findings are based on incidents identified by Expel’s security operations center during the third quarter of 2022. It found MFA and conditional access, which are often part of a zero-trust strategy, were configured for a majority (more than 80%) of the successful compromises, while attackers got in by tricking the legitimate users to accept the MFA request.
On the other hand, around half of the business application compromises (BAC) in the quarter were stopped by MFA or conditional access policies, the report found.
Expel: MFA Still Works Despite Push Fatigue Surge
- Liu, Nancy. SDX Central, 2022.
MFA Fatigue: Rethinking How Enterprises Authenticate
- Soroko, Jason.
Security Boulevard, 2022.
Not all forms of multi-factor authentication (MFA) are created equal and the forms that are based on one-time passcodes have turned into corporate liabilities. One-time passcodes that are entered into malicious login pages or entered into a compromised endpoint can be harvested by an attacker and utilized to log in along with a harvested username and password.
In the case of the massive Uber breach in September, the attacker, after harvesting a username and password, utilized a form of MFA ‘exhaustion attack’ which means that the legitimate user is challenged over and over for a one-time passcode when the attacker attempts a login, finally entering the code to simply stop the barrage of authentication challenges which take the form of ‘push notifications’ usually to a mobile device.
Global Multi-Factor Authentication Market: Trends and Forecast (2022-2027)
- Linker, Reporter. Yahoo Finance, 2022.
Use of multifactor authentication increasing, Cisco data shows
- Solomon, Howard.
IT World Canada, 2022.
Organizations around the world — including in Canada — are increasingly adopting multifactor authentication (MFA) to improve their cybersecurity posture, a new report from Cisco Systems suggests.
The numbers, which come from an analysis of the use of Cisco’s Duo MFA platform, show authentications through Duo were up almost 15 per cent in the U.S. this year over 2021, almost 24 per cent in the U.K., and almost 25 per cent in Canada.
“We have moved well beyond the discussions of password complexity to those where investing in multi-factor authentication (MFA) and passwordless technology are mandatory costs of doing business,” Cisco concluded in a report analyzing the data.
Ready or not, two-factor authentication is something you’ll need to start thinking more about.
This approach to online security, also known as two-step authentication, multi-factor authentication, or just 2FA for short, involves combining a regular password with a secondary numeric code, which you must enter on any device where you haven’t logged in before. This extra code typically gets sent to your phone, so someone who steals your password can’t get into your account unless they have physical access to your phone as well (and know how to unlock it).
How to use two-factor authentication to lock down your accounts the right way
- Newman, Jared.
PCWorld, 2022.
Transmit Security Releases Guide on Multi-Factor Authentication (MFA)
- Marketers, Media. Digital Journal, 2022.
Guide sheds light on what MFA is and how it can improve not only a customer’s account security but also their experience; guide also provides alternatives to password authentication.
Transmit Security, leading Customer Identification and Authentication Management platform and solutions provider, has released a guide on multi-factor authentication (MFA). In this guide, the business explains what MFA is and how it can help protect customer accounts and improve user experience.
According to the guide, MFA is a system of authentication where more than one factor is used to validate a user’s identity.
NEW YORK, Nov. 2, 2022 /PRNewswire/ -- The Global Multi-factor Authentication Market share is set to increase by USD 20806.45 million from 2022 to 2027. Moreover, the market's growth momentum will accelerate at a CAGR of 21.41% as per the latest market forecast report by Technavio. The market will also record a 20.37% Y-O-Y growth rate during the forecast period.
Global Multi-factor Authentication
Market - Parent Market Analysis
Technavio categorizes the global multi-factor authentication market as a part of the global IT consulting and other services market within the global IT services market. The parent market, the global IT consulting and other services market, covers companies that provide information technology consulting and information management services. Technavio calculates the size of this market based on the combined revenue generated by companies engaged in the provision of all types of IT consulting and information management services.
Multi-factor Authentication Market Size to Grow by USD 20806.45 Million From 2022 to 2027, Assessment on Parent Market, Five Forces Analysis, Market Dynamics & Segmentation - Technavio
- Newman, Jared.
PCWorld, 2022.
Password management in 2023 and the future of passwordless authentication
- Rothaar, Teresa. Security Info Watch, 2022.
Businesses and consumers have relied on passwords for decades, and password use has continued to grow over the last two years with the move to remote work and the increasing use of cloud services. While password protections have come a long way since MIT created the first computer password in 1961, poor password hygiene remains. Credentials are a popular attack vector for bad actors to hack into organizations, making poor password practices a significant threat for businesses. One stolen password can bring down tens of thousands, even millions of dollars worth of cybersecurity defenses, which we saw firsthand with the recent NVIDIA breach. This points to the need for sophisticated technology and solutions that secure passwords and make them more manageable.
Twenty five years ago, we had multi-factor authentication, noted Renee Guttman, former CISO, Coca-Cola, Time Warner, and Campbell’s. It’s one of the few technologies that we still use today. But sadly we’re still hanging onto passwords, or at least most of us are.
Renee and I chatted about the history of the Black Hat conference (that’s where we are in this video), it’s initial intended purpose, and how it’s trying to make all of us think what could happen next.
What Have We Learned from 25 Years of Cybersecurity?
- Spark, David. CISO Series, 2022.
CISA Publishes Multi-Factor Authentication Guidelines to Tackle Phishing
- Mascellino , Alessandro. Info Security, 2022.
The Cybersecurity and Infrastructure Security Agency (CISA) has published two fact sheets designed to highlight threats against accounts and systems using certain forms of multi-factor authentication (MFA).
“CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber-threats,” the Agency wrote, commenting on the news.
The first of the two documents describes multiple methods threat actors have used to gain access to MFA credentials, including phishing, push bombing (AKA, push fatigue), exploitation of Signaling System No. 7 (SS7) protocol vulnerabilities and SIM swap.
Multi-Factor Authentication Market – Insights:
This comprehensive analysis of the fastest-growing Multi-Factor Authentication market provides insights that will help stakeholders identify both opportunities and challenges. The 2022 market could see another significant year for Multi-Factor Authentication. This report provides insights into the company’s activities and financial status, recent developments and the most up-to-date SWOT analysis. This report focuses on the Multi-Factor Authentication market during the 2032 evaluation period. This report also includes a growth analysis that incorporates Porter’s five-factor analysis as well as supply chain analysis.
Multi-Factor Authentication Market Size In Stowage Bins Segment Is Expected To Exhibit Significant Growth Over 2032
- Newsmantraa. Digital Journal, 2022.
Holding the modern frontline to secure the healthcare cloud
- Cleardata. Healthcare IT News, 2022.
A recent study found that only about 60% of provider organizations report implementing the most basic preventative measures for cybersecurity threats – like multi-factor authentication and data backups. John Whetstone, Vice President of Cybersecurity Services at ClearDATA, explores why today’s modern threat landscape requires a more sophisticated strategy – specifically one integrating Cyber Threat Intelligence.
What is zero trust and why is it important? What are the three core components of zero trust?
Zero trust is more than just the buzzword of the moment in cybersecurity. With social engineering attacks exploiting compromised passwords and legacy multi-factor authentication (MFA) technology successfully compromising many large enterprises, the need for zero trust is clearer than ever.
Zero trust – what is it and why is strong authentication critical?
- Thimot, Tom. Information Age, 2022.
How CISOs can drive revenue gains and advance their careers
- VentureBeat. Intelligent Security Summit, 2022.
One of the quickest ways for a CISO to earn a promotion is to prove that their security team can deliver revenue gains by protecting customers and strengthening their trust. Any organization’s security posture is core to the customer experiences it delivers. Protecting customers’ identities and data can mean the difference between being in business next year and being gone.
Forrester Research’s Security and Risk Forum 2022 session provided practical, pragmatic advice and insights to security and risk professionals. It challenged them to take control of cybersecurity initiatives, which is a core competency of their businesses.
Naturally, healthcare organizations have a wealth of private patient data available that’s worth a lot of money to hackers, who have the contacts to sell it on quickly. It’s made this industry a notable target for cyber crime, making it more important than ever that hospitals, GP surgeries and similar environments take extra precautions to protect their information.
The penalties of neglecting this are incredibly detrimental to businesses, not only in the ransomware attacks to regain their data but in the GDPR penalties that can result from this. The cost of using protective measures, such as multi-factor authentication, is much cheaper than the cost of losing confidential data.
- Murphey, Dakota. HRDirector, 2022.
Dell Technologies Strengthens Cyber Resiliency with Multicloud Data Protection and Security Innovations
- Data & Storage Asean, 2022.
The new solutions help address rising data protection challenges facing organisations. According to the 2022 Dell Global Data Protection Index (GDPI) survey, organisations have experienced higher levels of natural and modern disasters than in previous years, resulting in more data loss, downtime and recovery costs. In the past year, cyberattacks accounted for 48% of all disasters (up from 37% in 2021), leading all other causes of data disruption. The survey also revealed 85% of organisations using multiple data protection vendors see a benefit in reducing their number of vendors. Furthermore, it revealed that organisations using a single data protection vendor incurred 34% less cost recovering from cyberattacks or other cyber incidents than those who used multiple vendors.
Verifying your identity using MFA reduces the risk associated with unauthorized access to your accounts, should your passwords ever be compromised. Fordham’s MFA service is provided by Duo Security, a trusted company used by many higher education institutions.
All active online accounts (students, faculty, and staff) are required to enroll in MFA. You will be asked to enroll in MFA via an email sent from Duo Security or when you first encounter an MFA-enabled application through a browser. You are strongly urged to enroll multiple phones and devices as a backup. If you need assistance with any aspect of MFA, please contact the IT Service Desk.
- Information Technology. Fordham University, 2022.
Gone phishing: How cyber criminals hook unsuspecting victims with scams
- Knight, Deborah. CommBank, 2022.
“Education is absolutely key and education should happen in a number of ways… we talk about cyber hygiene these days, and that’s things like using strong passwords and making sure you have multi-factor authentication on all of your important online accounts.”
Scammers were able to steal $100,000 from Mr Heathcote, intervening in a car transaction deal, in a “very sophisticated email trail.” This scam not only convinced Mr Heathcote, but also tricked the car dealership as well.
“Usually a phishing email is aiming to either get a user to open something that puts malware onto their computer to compromise it – we’re all familiar with dodgy email attachments,” he says.
Utilizing a VPN to protect your company’s remote network access is a standard procedure in many organizations, and the WatchGuard VPN is one of the most popular options on the market. But is your VPN as secure as it could be? If your VPN doesn’t have Multi-Factor Authentication (MFA) implemented, you could be at serious risk for a data breach or ransomware attack.
MFA is a log-in process that requires users to provide more than one type of access credential in order to prove they are who they say they are. In most cases, users are asked to provide something they know (like a password) and something they have (like a one-time password generated by a hardware or software token in their possession). It can also include something a user “is”, such as a biometric identity, and passwordless authentication has been gaining ground as a way to remove the “something you know” factor from authentication entirely.
- Bennett, Lucy. iLounge, 2022.
What Is Zero Trust and Will It Change Security Forever?
- Maayan , Gilad Maayan . readwrite, 2022.
The demand for products supporting zero trust is continuously growing. The global zero trust market is likely to double in five years, projected to reach over $50 billion in 2026. The main factors driving this market are the frequency of targeted cyber attacks, new data protection regulations, and information security standards.
Many organizations are adopting a centralized approach to identity and access management (IAM), a key component of a zero-trust architecture. Companies are increasingly implementing IAM technologies and control mechanisms like multi-factor authentication (MFA) and single sign-on (SSO).
MFA is a layered approach to securing your online accounts and the data they contain. When you enable MFA in your online services (like email), you must provide a combination of two or more authenticators to verify your identity before the service grants you access. Using MFA protects your account more than just using a username and password. Users who enable MFA are significantly less likely to get hacked, according to Microsoft. Why? Because even if a malicious cyber actor compromises one factor (like your password), they will be unable to meet the second authentication requirement, which ultimately stops them from gaining access to your accounts.
MULTIFACTOR AUTHENTICATION
- CISA, 2022.
What Is Multi-factor Authentication and Should You Use It?
- Jongkil Jay Jeong, Ashish Nanda & Syed Wajid Ali Shah . How Stuff Works, 2022.
Having more rigorous security measures when logging in can help to protect your accounts, and significantly reduces the likelihood of many automated cyber attacks.
Multi-factor authentication (MFA) is a security measure that requires the user to provide two (also known as two-step verification or two-step authentication) or more proofs of identity to gain access to digital services. This typically requires a combination of something the user knows (pin, secret question), something you have (card, token) or something you are (fingerprint or other biometric).
Passwords clearly are not enough to protect networks. Any security guidance will tell you that multi-factor authentication (MFA) is a key method to keep attackers out. But what type of MFA should your firm deploy? Choosing multi-factor tokens and tools depends on your firm, your needs, and how attackers are likely to target your firm. Planning ahead will minimize deployment and migration issues when new tokens or new phones are issued.
These are the most important considerations when choosing an MFA solution.
Top considerations when choosing a multi-factor authentication solution
- Bradley, S. (2022). CSO.
Multi-Factor Authentication
- Chervek, E. (2022). SDX Central.
Multi-Factor Authentication (MFA) is a security tool used to help keep your online accounts more secure from cybercriminals. It gets its name because it requires two different types of authentication factors:
-
Something you know. This is your password.
-
Something you have. This is often a separate email account, cellphone, or time-based one-time password (TOTP) application (Google Authenticator, Microsoft Authenticator, etc.).
MFA is a simple process that will give your data in your CDPHP member account added protection. When you log in to your member account, you’ll be prompted to complete your multi-factor authentication before being taken to your home page.