IT, Communications & Cyber Security Blog
What’s Better Than MFA?
Is your desk littered with multi-colored Post-it Notes where random passwords are jotted down and immediately lost in a growing pile of important reminders? Does resetting your password every 90 days make you want to scream into a pillow? If you are repeatedly embarrassed by your (what's the opposite of elephant?) memory skills and must ask your IT department to reset your password, yet again—this article is for you.
While you may consider yourself a trusted user, your organization treats you like a stranger every time you log into their network. They are trying to protect their business from unauthorized access—but instead, many processes implemented to promote security result in decreased productivity and annoyed end-users. Employees are human, and it is our nature to balk at seemingly excessive access restrictions. Frustrated employees find workarounds to get their job done, little cheats like sharing credentials and logging into borrowed accounts, all in the noble pursuit of getting work done faster. But that puts the business at tremendous risk.
Multi-factor authentication (MFA), once the standard for identity protection, is no longer the secure verification tool it once was. Even LastPass, a password management company, was breached in August 2022 by a hacker who impersonated a developer to authenticate MFA to get into their dev environment. While no customer data was stolen, the breach highlights that MFA alone is no longer enough to combat human error. CISA (Cybersecurity and Infrastructure Security Agency) now recommends "phishing-resistant" and "numbers matching" MFA. Iterations of MFA and other user verification tools are part of a larger risk management strategy called Identity & Access Management (IAM).
"As in many other data breaches, a password seems to have been central to the attack. A hacker is said to have gained unauthorized access to GoDaddy's "legacy code base" for managed WordPress sites using a compromised password. It is unclear whether the password fell into the hands of the cybercriminal as the result of a phishing attack, or because it was weak, or had been reused"
Password management and identity protection are big businesses. Must-have identity verification tools and processes like single sign-on (SSO), MFA, and password managers with encrypted password vaults may help protect your identity, but they are not invulnerable. Hackers are clever, their skills constantly evolving, and the tools you invested in yesterday may fail to give you the value you deserve today.
How can any organization stay safe? By applying consistent access and asset security across all threat vectors.
WWCS offers FREE Security Scans for organizations to uncover 'pain points' and assess the reliability and security of their IT infrastructure. We understand that your security landscape has expanded to the cloud, your endpoints have multiplied, and undetected vulnerabilities are putting your organization at risk.
While valuable, single tools like Identity and Access Management are not enough to protect the organization. The Security Scan can give you the insight you need to make the right IT decisions and protect your business outcomes.
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.
Comments