• StrataFusion

MFA Identifies Hack of the Century

Businesses around the world are discovering that it’s the little things that get you, especially when it comes to securing business in the digital realm. From the innocent mistakes of human error and password management to mitigating targeted attacks and hacks, multi-factor authentication (MFA) is a security must for every organization.

So why don’t more tech leaders insist on using it to the fullest extent? Yes, those extra steps feel annoying when you just want to log in and check email, but they are better than adding months of post-breach work, losing weeks of sleep or having to explain an avoidable crisis to your Board of Directors. In fact, a study from the University of Maryland Clark School shows a breach happens every 39 seconds. With that sobering statistic, it’s crucial to consider the benefits of MFA, such as the fact that you can still protect accounts even when usernames and passwords are exposed. MFA helps prevent lateral movement and privilege escalation when additional accounts are leveraged and is one of the most basic steps companies can take to add an extremely effective layer of protection.

MFA Identifies Hack of the Century

If set up correctly, MFA is one of the most effective security controls there is. Think about one of the biggest cybersecurity hacks of the 21st century – SolarWinds. Using a method known as a supply chain attack, hackers inserted malicious code into the Orion software (developed by SolarWinds), which was then downloaded to customers as a software patch. This provided a backdoor into customer networks, allowing bad actors to establish command and control, install even more malware and start covert reconnaissance looking for breach treasures. The now infamous security breach (aka SUNBURST) was detected by FireEye’s Mandiant Solutions, which identified the presence of bad actors trying to install a new device to a user’s MFA profile. Thanks to basic controls and consistent monitoring of MFA, they were able to detect that the new device trying to connect via MFA was not a current user. This finding by Mandiant exposed the trojan that, during a period of 8-10 months, had been injected as malware into routine software updates that went out to as many as 18,000 government entities and Fortune 500 companies that were clients of SolarWinds.
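The MFA monitoring described above, as an added example that is not from the original article or from Mandiant: a sketch that flags new MFA device enrollments which do not match a user's recent login baseline. The event names, field names and thresholds are assumptions, and the log lines are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not any vendor's schema.
SAMPLE_LOG = """\
{"ts":"2020-11-02T09:01:00","user":"alice","event":"login_ok","device":"phone-A","ip":"10.0.4.17"}
{"ts":"2020-11-09T08:55:00","user":"alice","event":"login_ok","device":"phone-A","ip":"10.0.4.17"}
{"ts":"2020-11-10T03:12:00","user":"alice","event":"mfa_enroll","device":"phone-Z","ip":"203.0.113.50"}
{"ts":"2020-11-11T10:00:00","user":"bob","event":"login_ok","device":"phone-B","ip":"10.0.7.3"}
{"ts":"2020-11-11T10:05:00","user":"bob","event":"mfa_enroll","device":"tablet-B","ip":"10.0.7.3"}
{"ts":"2020-11-12T14:00:00","user":"carol","event":"mfa_enroll","device":"phone-C","ip":"10.0.9.9"}
"""

LOOKBACK = timedelta(days=30)        # how far back a login counts toward the baseline
RECENT_AUTH = timedelta(minutes=30)  # an enrollment should follow a fresh verified login


def suspicious_enrollments(log_text):
    """Return (user, device, reasons) for enrollments that deviate from the user's baseline."""
    events = sorted((json.loads(line) for line in log_text.splitlines() if line.strip()),
                    key=lambda e: e["ts"])  # ISO-8601 strings sort chronologically
    history = {}  # user -> list of (time, device, ip) from successful logins
    alerts = []
    for e in events:
        t = datetime.fromisoformat(e["ts"])
        seen = [h for h in history.get(e["user"], []) if t - h[0] <= LOOKBACK]
        if e["event"] == "login_ok":
            history.setdefault(e["user"], []).append((t, e["device"], e["ip"]))
        elif e["event"] == "mfa_enroll":
            reasons = []
            if not seen:
                # Also fires for onboarding; reconcile against provisioning records.
                reasons.append("no login baseline for user")
            else:
                if e["ip"] not in {h[2] for h in seen}:
                    reasons.append("source IP never used by this user")
                if not any(t - h[0] <= RECENT_AUTH for h in seen):
                    reasons.append("no verified login shortly before enrollment")
            if reasons:
                alerts.append((e["user"], e["device"], reasons))
    return alerts


if __name__ == "__main__":
    for user, device, reasons in suspicious_enrollments(SAMPLE_LOG):
        print(f"REVIEW {user} new device {device}: {'; '.join(reasons)}")
```

Each alert is a prompt to confirm the enrollment with the account owner through a separate channel, not proof of compromise.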

The SolarWinds hack will continue to reverberate from command rooms to board rooms for the foreseeable future. It also will usher in broad change across the cybersecurity landscape as industries scramble to devise new methods to detect and stop attacks before they happen. Government agencies and organizations alike are learning that firewalls are grossly deficient. You must consistently and methodically hunt down vulnerabilities, plug the holes or create traps for hackers.

Where Should You Start?

As the quiet hero of the ongoing SolarWinds drama, MFA is here to stay -- at least in our current digital reality; maybe the next tech transformation era will change that. Until then, it is crucial that companies and their technology and security teams understand the seven core components every cybersecurity program needs, then enhance them with the trust and confirm approach to improve their security posture.

Security breaches are going to continue, with Microsoft being the latest headline. With that in mind, there has never been a better time to review your security controls and MFA deployment, put a monitoring schedule in place and understand the impact to your overall risk. We are here to help, so contact us today!