According to a Gartner report, end-user spending on public cloud services topped $257.5 billion in 2020. This figure is forecast to grow by another 18.4% in 2021 – totaling $304.9 billion. However, as we go further into the inevitable, cloud-based future, we are also increasingly being exposed. Implementing MFA best practices is one way to limit the threat to people, businesses, etc. when working online.
User credentials have always been a soft target for cybercriminals to exploit. They can be obtained through a variety of methods, using either malware or social engineering. Once obtained, they also allow threat actors to operate freely within an organization’s systems, without raising any red flags.
There are a number of reasons why implementing secure sign on practices is becoming increasingly important:
- Remote/hybrid working environments are becoming increasingly common
- The internet and other networked infrastructure is increasingly becoming an essential part of business operations
- As cloud adoption grows, the number and variety of platforms we use are growing
Cybercriminals are all too well aware of these trends and are ready to abuse them in order to launch attacks against individuals and organizations.
In Response to the Current Cybersecurity Threats, LIFARS is Offering New and Innovative Remote Cyber Defense Solutions: The Daily TRUTH, Short-Term Incident Response Retainer, Remote Worker Cyber Resilience.
Alex Weiner of Microsoft has come out to say that MFA can make accounts using their OS 99.9% more secure.
However, even MFA is not foolproof by itself with a high-profile MFA bypassing incident involving Microsoft 365 as well as an FBI security advisory underlining the fact. Security experts can’t rest on their laurels and must maintain MFA best practices to maximize the effect of this technique.
Make MFA Ubiquitous
Your network is only as secure as its most vulnerable endpoints, users, or accounts. Only securing certain portals, technologies, or platforms with MFA but not others doesn’t do much to alleviate your overall threat. Hackers often exploit a single entry point to spread laterally within a network and find additional opportunities to escalate privileges and access more data. All assets should be covered with MFA, including cloud and on-premise applications and resources, servers, endpoints, and privileged commands.
Implement True MULTI-factor Authentication
2FA (Two-factor authentication) is the most common application of MFA. On top of a password, it usually involves an OTP or ACT token sent to via SMS or email account. However, this is a least-effort implementation of MFA that is also not waterproof, having been easily bypassed in the past.
There are more advanced MFA technologies to leverage, such as physical tokens or biometrics. No longer of the future, biometric fingerprint/facial scanning is even built into most leading smartphones and tablets today. Using a variety of MFA techniques or going beyond 2 layers of authentication where appropriate can drastically increase its effectiveness.
Don’t Rely Solely on MFA
Building on our first best practice, even the best MFA security nets can be bypassed thanks to human error or an exceptionally skilled/determined hacker. In this case, you want other failsafes in place to limit the potential for an infiltrator to spread their influence or escalate privileges.
Firstly, you should always enforce proper account and privilege management built on principles of least privilege. Regularly review your policies regarding who has administrator privileges and enforce even stronger authentication measures on these accounts.
Making phishing awareness training a part of your overall security operations is also crucial to empower stakeholders to not fall victim to credential stealing attempts in the first place. As is using encrypted communications and other techniques to harden your network against man-in-the-middle-type attacks.
Combine MFA and SSO (Single Sign-On)
Counterintuitively, single sign-on has been found to improve security and compliance, particularly in complex, interconnected cloud-based infrastructure. While you might be rightly concerned that SSO will automatically give an attacker ubiquitous access after successfully stealing credentials, the benefits outweigh the risks:
- The frustration of having to repeatedly log-in to separate platforms/accounts fosters a habit of cutting corners
- Users often use unsecure methods to manage multiple passwords or credential combinations
- Every time a user needs to re-enter their credentials, it’s another opportunity for those credentials to be stolen
- SSO makes account management and provisioning easier, minimizing the possibility of human error