In 2021, businesses will be hit by ransomware every 11 seconds. Phishing and spear phishing continue to be the number one infection vector, and administrators are quite often the target. Of course, in many large organizations, the administrators who control resources and access to data are well aware of these threats and can avoid this trap. In many small-to-medium businesses, it's much more of an issue for admins. And when admins prove difficult to compromise, cybercriminals can still attack users with higher privileges and then escalate to the admin level, where they can do serious, lasting harm.
In ransomware incidents and other kinds of extortion attacks, cybercriminals encrypt business-critical data and delete the backups that would serve as a method of recovery. They then demand a ransom to decrypt data with the threat that, if the ransom is still left unpaid, all the encrypted data, applications, and systems will be deleted. They can do many other malicious things once embedded in an organization's network, but this is one of the most common attack scenarios and it's on the rise.
Ransomware attacks like these typically start with stolen admin access credentials: login and password. We're assuming here that the company in question follows a good password strategy: passwords are strong and cannot be brute-forced without being noticed. In any case, once a cybercriminal has the required credentials, they can access various resources and execute operations to achieve their malicious goal.
While still very common security features, basic login and password credentials are no longer enough to protect business-critical data. That's why, for the past several years, sensitive data has been protected with two-factor authentication (2FA).
What is two-factor authentication and why is it important?
Two-factor authentication is a type of multi-factor authentication that provides extra protection from unauthorized access to your account by checking a user's identity with a combination of two different factors:
- Something that a user knows (a PIN or password)
- Something that a user has (a token)
- Something that a user is (biometrics)
Anyone who uses online banking, a well-known email provider, messengers, or many other web or mobile services should be familiar with this system. 2FA is widely used in security because it quite effectively neutralizes the risks associated with compromised passwords. If a password is hacked, guessed, or phished as we explained above, it's no longer enough on its own to give a criminal access.
While many second factors can be used, one of the most popular is a time-based one-time password (TOTP). Typically generated by a mobile app, this is a one-time password derived from a shared secret and the current time, so it expires within a short window.
As we know, there's no way to guarantee 100% security, and 2FA is no exception. An account can still be compromised through its password recovery options, but these options are controlled in a business environment, so this weakness primarily affects home users. The lost-password recovery feature of most services resets your password via email, completely bypassing 2FA. That's why email accounts should always be monitored for messages requesting password changes.
Multi-factor authentication adds an essential layer of protection: with a 2FA authenticator app on users' mobile devices, a single stolen password is far less likely to lead to a compromise of the entire organization.
As a full-suite IT and cybersecurity firm, Restech can help with your multi-factor authentication and security needs. Contact us to learn more.