Why should businesses use MFA?

What is Multifactor Authentication (MFA)

Did you know that elephants are one of the most protective animals on the planet towards their young? They only have one calf at a time typically, and carry for almost two years. When born, the mother receives help in protecting the calf, from all the mothers within the herd.

Octopuses, Orangutans and Kangaroos all have highly developed, differing but effective, ways of protecting their young. So, what can humans learn from that? It would appear quite a lot when it comes to our computers and IT stuff. We don’t appear to be very protective of the information we hold within them.

Experts estimate that there are some two million cyber attacks every day. Microsoft’s Defender anti-malware programme intercepted 35.7 billion phishing emails in 2021. The company’s Azure Active Directory detected and blocked more than 25.6 billion brute force attempts in the same year. According to its 2022 “Cyber signals report”, only 22% of businesses secure their data using MFA. Microsoft further reports that users who do not use MFA are ten times more likely to be cyber attacked.

Why should businesses use MFA?

One of the simplest tools for getting onto your network in a hacker’s tool kit, is the common all-garden password. Using password spraying techniques, cybercriminals use brute force login attempts, using usernames and common passwords to log onto your network.

123456 has been the most common password for 6 years in a row,

with password and qwerty, in quick succession.

There are lots of hackers out there, all doing bad stuff. Cyber criminals are not young funky whizz kids, sitting in a dark room, guessing what your password is and, in a stroke of genius ‘guess right’. They employ computer programmes, to do the work for them, and cycle through multiple username and password combinations. Eventually, their efforts reward them with the information.

There are three key strategies that cyber criminals use to exploit human and security vulnerabilities to enter your business system:

• Phishing – sending emails that are fraudulent. Allegedly sent from a bonafide company, or staff member; they are designed to get you to reveal your personal or business information, like credit cards or passwords.
• Exploiting vulnerable internet systems: possibly insecure wi-fi points or poorly configured firewalls, for example
• Through remote desktop protocols, using brute force guessing

Using your ill-gotten personal information, hackers will leverage the data stolen. They will apply for credit or debit cards, transfer funds, file fraudulent tax returns, use your health insurance, rent a house in your name, commit crimes using your identity, or seek a ransom for the information stolen, to mention only a few.

“Identity is the new battleground, but most are unprotected against attacks”

Microsoft