If you think multifactor authentication (MFA) is the beall and endall security solution for your business, you might want to think again. New research from IDEE found that despite having MFA deployed, many firms still suffered devastating data breaches.
The company recently surveyed more than 500 IT and cybersecurity professionals working within UK businesses. Of that number, 95% have deployed some form of MFA. Still, less than half (44%) did not suffer a cybersecurity incident in the past year. While 13% suffered just one breach, 17% suffered at least two, and the same percentage has had 3 in the same timeframe. Together with 5% of firms who suffered four breaches, and 3% that had five, that makes up more than half (56%) of all surveyed organizations.
Consequently, just 46% of cyber professionals described MFA as “highly effective”, while half (50%) said it was only “somewhat effective”.
SIMswapping and code relay
Multifactor authentication is a security model in which a user needs more than just a password to authenticate on a platform. Usually, they would either have a code sent to their phone number via SMS, or would read a code from a security app or a physical token. Of these three models, the SMS model is generally considered the least secure one, as hackers (especially statesponsored and advanced persistent threats) are able to SIMswap and have the platform send the codes to their phone numbers, instead.
Other models can be tricked, too, usually through phishing pages that impersonate the authentic login page and are able to relay the MFA code from the victim device to the targeted platform.
“The clock is ticking – it’s time for businesses to deploy authentication methods that can mitigate passwordbased, credential phishing and adversaryinthemiddle cyber threats that leverage ‘credentials’ as the initial access vector,” said Al Lakhani, CEO of IDEE.
+“This means investing in solutions grounded in strong digital identity proofing and transitive trust, in turn allowing businesses to improve their security and productivity with minimal time and resources. Let’s hope this data shocks a few more organizations into muchneeded action.”