Cyber-attacks are changing. Firstly, they’re becoming more frequent; cybercriminals increased their focus on small to medium-sized businesses at an inordinate rate of 425% between 2017 to 2018. This combined with increasingly sophisticated methods is resulting in more cybercrime than ever.
So, what does this mean to you and me?
The rising risk has led to the development of improved security technologies such as multiple-factor authentication. Let’s look at what has led to this technology and how multi-factor authentication works.
The measures available to protect your network, which were effective in the past, are now fast becoming redundant. In Microsoft’s breach investigation report, they determined that over 75% of network intrusions originated from exploited weak or stolen credentials, including passwords.
But don’t worry, you’re not alone. We’re all guilty of reusing the same login credentials for multiple sites and services. Remembering multiple passwords is a huge pain. But using one password means a single security breach will all your accounts vulnerable.
Systems which aren’t sufficiently protected provide hackers with access to vital information sinks like emails and social media logins. These accounts can contain limitless amounts of personal and corporate data which can be used maliciously against you, your company and your customers.
As of late 2017, if data on your customers is stolen then you could liable for a maximum fine of £17.8m or 4% of global revenue – whichever is greatest. In July the ICO made an example of Marriot International by fining them $99m. This followed an investigation on a data breach in 2014. In this it wasn’t Marriot themselves, but a company they acquired which had the data breach. Their lack of due diligence cost them severely.
Most businesses are smaller than Marriot International. For some, a fine that severe could be the day they stop trading for good.
For any business, acquiring and retaining customers is its lifeblood but studies show that 70% of individuals would stop doing business with a company that experienced a data breach.
This can be devastating for small to medium-sized companies.
So, how are you supposed to stop hackers attempting to siphon your company data?
However, even when considering these methods. Relying on passwords alone simply doesn’t provide you the protection needed in today’s cyber climate. Quoted by Microsoft, multi-factor authentication, MFA, blocks 99.9% of account hacks achieving near-complete protection.
The problem with solely relying on a user ID and password is the requirement to hold those passwords in a database. If that database is captured, the hacker will be able to gain access to your data very quickly. In cases where the hacker cannot access your database, they may result to ‘brute force’. This is where a computer tries every single alphanumeric combination possible. This combined with the fact computational power doubles every 18 months and shows no signs of slowing down. With some specialised hardware now able to produce 500,000,000 passwords, every second passwords themselves may soon become redundant.
So how does Multi-Factor Authentication (MFA) work?
Multi-Factor Authentication (MFA) stops hackers by initiating a process of authentication. It does this by strengthening security by combining two or more verification methods called factors.
What does an MFA process look like?
A typical example can be seen when logging into your mobile banking. Combining a possession and inherence factor, Smartphone and fingerprint you can access your banking through a mobile phone. This is called Dual Factor Authentication. Some security systems may use an additional location factor for authentication because for a customer, it is physically impossible to sign onto your mobile bank in the UK, and then in Ukraine 30 minutes later.
Taking some time out to set up a layered security system is a worthwhile investment, for yourself and your clients. Fines and reputational damage occur frequently and impact businesses for the long term. It’s just not worth it.
Contact Systems IT for more information about Multi-Factor Authentication can be used in your business.