Have you noticed consumer and business sites including mobile applications requiring multiple steps to verify who you are? Perhaps you’ve set up a multi-step verification method to access your bank or personal email account? This security measure is growing in popularity as most data breaches today begin with a set of compromised credentials(username & password). From financial institutions to online stores to social media sites, many businesses now require multiple factors of verification to ensure a user is who they say they are. This method significantly reduces the chances of a cybercriminal successfully gaining access to their networks with compromised credentials .
Estimates put the profit from cybercrime at $1.5 trillion in 2018. Cybercrime is very lucrative which gives criminals the incentive to keep going. To keep the paydays coming, cybercriminals continually refine and alter their tactics and, as a result, more sophisticated and savvy attacks are on the rise.
At the same time, mobile has become the preferred starting point for many attackers. According to the RSA 2019 "Current State of Cybercrime" report, there was a 680% increase of fraud via mobile between 2015 and 2018. As mobile continues as a popular channel for cybercrime, your bank, your social media sites, and your favorite shopping sites are implementing more security measures to protect you and the sensitive data they possess.
In business, security in the cloud is a shared responsibility. Cloud applications vendors, such as Microsoft and Cisco, are doing what they can to keep the criminals from entering through the back door; which leaves you in control of whom you let in the front door.
Securing the front door is knowing who and what devices can have access to your data and apps where ever they may be. If your staff is like many end-users, they are likely using weak or the same passwords across personal and work accounts. In this case, there is little the application providers can do to keep your data from unauthorized access. However, your organization can control the front door by taking charge of its users' identities, its data on mobile devices, and control of the devices themselves (lost or stolen). Without this level of control, your business exposes itself to a myriad of unnecessary risks; ones that can be easily avoided.
With today's solutions, cost and convenience should no longer be an issue. Yet many businesses have not implemented certain security measures, such as a multi-step identity system like multi-factor authentication (MFA), in combination with some form of mobile device management solution as part of their cloud security strategies.
If you don't think you have data a cybercriminal would want, think again. Cybercriminals look to gain access to their targets by first compromising the fringes of the target's social and business circles—and then work inward. So, while you may feel you have nothing a cybercriminal wants, your identity is valuable to them as it can be a pathway to their main target and financial reward.
The narrative is all too common. The cybercriminal attacks an organization to get to the person who can execute large financial transactions. Once the organization is compromised, the cybercriminal tricks them into believing the email, asking for a $40,000 transfer, is legit and coming from the organization itself. Unfortunately, in a scenario like this, there are no good outcomes.
At Systems Engineering, we recommend our clients, particularly those in the Microsoft cloud, employ multi-factor authentication as a critical step to securing access to your cloud data. MFA utilizes multiple verification methods, such as credentials combined with a one-time code delivered via text, to validate the identity of the person trying to gain access to your network. This low-cost, effective security solution is one every business can use to prevent 99.9% of account compromise attacks and reduce their risk.
Learn how MFA works to successfully protect your organization’s employees, clients, and data. Read the MFA Guide.
Don't let another day pass without taking the necessary security steps to secure your front door. If you would like to discuss how MFA can better protect your business and the role it plays in a greater cloud security strategy, contact us at info@systemsengineering.com or 888.624.6737. Clients, please reach out to your Account Manager.