Modern security systems are subject to thousands of requests from illegitimate sources hoping to gain access to secure systems every day.
Password-based authentication has been the standard for signing into networked and non-networked services for decades. As the internet has grown, more and more data is stored behind passwords, so the incentive for malicious attackers to attempt to gain access to these accounts has increased.
Password security has come a long way in a short space of time. A range of best practices for creating and storing passwords has been implemented to ensure attackers are not able to easily guess or brute force (trial and error) passwords.
For password creation, we commonly see rules for minimum password length, password complexity, and password blacklists. Unfortunately, all these requirements make passwords difficult for end users to remember. It is commonly recommended that users use a different password for every website they sign up to. In reality, however, how sustainable is this long term?
All these requirements make it more difficult for attackers to simply guess easy passwords. This has led to hackers getting more creative in how they compromise accounts.
In the Cyber Security Breaches Survey 2022 carried out by the UK government (https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022), phishing was the most common threat vector facing organisations at 83%.
Phishing attacks send out emails posing as legitimate sources in the hope that unsuspecting users won't have a problem entering their credentials into a clone site. After a user enters their credentials, they may be redirected to the real site, none the wiser. In the background, the attacker could be accessing emails and scanning internal documents, looking for sensitive information to further breach the company.
This is where Multi-Factor Authentication (MFA) can come into play. MFA introduces a second, one-time password (OTP) sent via text or generated through an app linked to an account. These passwords create a second line of defence against these types of attack. Even if an attacker has been able to acquire the user's password through phishing or more traditional brute force methods, they will still be unable to access the user's account without receiving the second piece of information, which is unique to each login attempt.
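The sketch below is an added example, not code from the original article. It assumes the app-generated codes are time-based one-time passwords (TOTP, RFC 6238) and shows a login check that needs both factors and refuses a code that has already been used. The `Account` class, its `login` method and the salt are hypothetical names and values chosen for illustration, and the key is the published RFC test key.

```python
import hashlib
import hmac
import struct

RFC_TEST_KEY = b"12345678901234567890"  # published RFC 4226/6238 test key, not a real secret

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over an 8-byte counter, dynamically truncated (RFC 4226)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the HOTP counter is the number of `step`-second periods since the epoch."""
    return hotp(key, int(now) // step, digits)

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Hypothetical server-side record: salted password hash plus a shared OTP key."""

    def __init__(self, password: str, otp_key: bytes, salt: bytes = b"constructed-salt"):
        self.salt = salt
        self.pw_hash = _hash(password, salt)
        self.otp_key = otp_key
        self.last_step = -1  # highest time step for which a code was accepted

    def login(self, password: str, code: str, now: float,
              step: int = 30, window: int = 1) -> bool:
        # Factor 1: the password, compared in constant time.
        if not hmac.compare_digest(_hash(password, self.salt), self.pw_hash):
            return False
        # Factor 2: a code for the current step, allowing +/- `window` steps of clock drift.
        current = int(now) // step
        for s in range(current - window, current + window + 1):
            expected = hotp(self.otp_key, s).encode()
            # `s > last_step` makes each code single-use, so a captured code cannot be replayed.
            if s > self.last_step and hmac.compare_digest(expected, code.encode()):
                self.last_step = s
                return True
        return False
```

A password captured by phishing fails the second check on its own, and a captured code stops working once it has been used or its time window has passed.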
According to IBM's recent report (https://www.ibm.com/uk-en/security/data-breach), the average cost of a data breach in the UK is over £4.5 million, with phishing attacks like the above being the most common attack vector. Microsoft claimed in their 2019 blog post (https://www.microsoft.com/en-us/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/) that MFA helped block 99.9% of attacks when enabled on their platforms.
Despite MFA being an extremely effective way to prevent data breaches, overall take-up of MFA has been slow, with Microsoft reporting earlier this year that only 22% of enterprise customers had adopted strong MFA mechanisms (https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1-218.pdf).