What if we told you there was one simple action you could take that would protect against 99.9% of attacks on your company? Well, you are in luck, because there is. The number one objective of security threats, whether malware, ransomware or phishing, is access to your login details in order to extract data or money. The only sure-fire way to protect against this is Multi-Factor Authentication.
Zero trust approach
Zero trust security is based on the idea of moving the focus of security from the network to access and users. You remove any assumption that a login or device is secure, and you do this by requiring the person to use another device or password to confirm that the request is legitimate. In essence, you show zero trust in the initial request until it is verified by a second source.
Microsoft get more than 300 million fraudulent sign-in attempts across their services every single day, which is 109 billion attempts per year. That is a lot of attempts. Even with the most secure password in the world, you can see how, at that volume, attackers could still crack it.
What is more worrying is that this is just on Microsoft cloud services. The real concern for many organisations is legacy applications, where old user logins may still be active without anyone knowing about it, meaning a password alone could provide critical access.
Most common vulnerabilities
- Business email compromise, where an attacker gains access to a corporate email account, such as through phishing or spoofing, and uses it to exploit the system and steal money. Accounts that are protected with only a password are easy targets.
- Legacy protocols can create a major vulnerability because applications that use basic protocols, such as SMTP, were not designed to manage Multi-Factor Authentication (MFA). So even if you require MFA for most use cases, attackers will search for opportunities to use outdated browsers or email applications to force the use of less secure protocols.
- Password reuse, where password spray and credential stuffing attacks come into play. Common passwords and credentials compromised by attackers in public breaches are used against corporate accounts to try to gain access. Considering that up to 73 percent of passwords are duplicates, this has been a successful strategy for many attackers and it’s easy to do.
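As an added example (not part of the original article), the sketch below shows how two of the patterns listed above, legacy-protocol sign-ins and password spray, can be spotted in sign-in records. The log format, field names, thresholds and sample lines are constructed for illustration, and the code assumes IMAP and POP3 count as legacy protocols alongside the SMTP case the article names.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: protocols with no way to carry an MFA prompt (SMTP is the article's example).
LEGACY_CLIENTS = {"SMTP", "IMAP", "POP3"}

# Constructed sample records: time, user, source IP, client protocol, result.
SAMPLE = """\
2024-05-01T09:00:05 alice@example.com 203.0.113.10 Browser success
2024-05-01T09:01:00 alice@example.com 198.51.100.7 SMTP failure
2024-05-01T09:01:20 bob@example.com 198.51.100.7 SMTP failure
2024-05-01T09:01:40 carol@example.com 198.51.100.7 SMTP failure
2024-05-01T09:02:00 dave@example.com 198.51.100.7 SMTP success
2024-05-01T09:30:00 bob@example.com 203.0.113.20 Browser failure
2024-05-01T09:30:30 bob@example.com 203.0.113.20 Browser success
"""

def parse(text):
    """Turn the constructed whitespace-separated log lines into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, client, result = line.split()
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "ip": ip, "client": client, "result": result})
    return events

def legacy_successes(events):
    """Successful sign-ins over a protocol where MFA could not be enforced."""
    return [(e["user"], e["ip"], e["client"]) for e in events
            if e["client"] in LEGACY_CLIENTS and e["result"] == "success"]

def spray_sources(events, min_users=3, window=timedelta(minutes=10)):
    """Source IPs with failures against >= min_users distinct accounts inside one window."""
    fails = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            fails[e["ip"]].append((e["time"], e["user"]))
    flagged = {}
    for ip, attempts in fails.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged
```

A source that appears in both results, as 198.51.100.7 does in the sample, is the case to triage first: many accounts tried, then one password-only sign-in that succeeded over a protocol where MFA was never asked for.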
Multi-Factor Authentication
Multi-Factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber-attack.
With mobile devices, SMS authentication and authenticator apps from Google and Microsoft, it has never been easier to use MFA.
Taking advantage of Azure Active Directory across your applications will allow you to easily log in with Microsoft and use MFA. It lets administrators define which secondary verification methods are allowed and enforce them across your organisation.