That’s an incredible claim, right? Out of every 1,000 Cyber-Attackers, you’ve ensured that 999 completely fail to gain any purchase with their outdated tactics in one fell stroke.
Have you heard of Multi-Factor Authentication before? Over the last few years, many popular businesses like Facebook and Microsoft have been slowly edging closer towards it, a little more forcefully every year.
They do this for good reason. MFA is an incredible way of fortifying security with minimal setup or considerations needed, and by adding the bare minimum complexity imaginable to the employees who have to interact with it.
If you’d rather watch a short video on MFA than read this blog, I’ve included our minute-long YouTube video.
Why should I care about MFA?
Over the last decade, the number of Cyber-Attacks has increased dramatically, and the sophistication of those attacks is ever-evolving.
Complexity in passwords was never meant to stop Cyber-Criminals from breaching accounts. These days all it does is slow that process, in the hope that they find it too inconvenient to spend the time and costly resources needed to breach you, and instead go looking for someone else with an easier account to breach.
Here are a handful of methods hackers use to pinch your passwords. Notice just how few of them are hindered by how complex your passwords are:
- Credential Stuffing – A likely way your password could be gathered: if a website you have an account with is breached, your password can simply be made public. And if you re-use passwords for different accounts, you may be personally breached in every other service.
- Viruses – If a Cyber-Attacker can manage to place malware on your device, they can see every single thing you type, including your passwords.
- Phishing – The majority of modern Cyber-Attackers rely on this technique, in which they simply pretend to be someone trusted, such as a co-worker, a client or a manager, and ask for confidential details.
- Brute-Force attacks – This is what password complexity is for. Using this method, hackers will attempt to guess your password with every combination possible. If you use a simple password, like Admin, or Password1!, it will likely take seconds. But complex passwords could take as long as years.
Knowing this, the question arises: what do we do if all of our defences fail, the attackers get our password, and then waltz in the front door? Is there anything stopping them from playing around after pinching that password?
If you’d like to learn more about how Hackers nab your login details, I’ve linked one of my blogs below.
What is MFA?
MFA is the modern ‘silver bullet’ of Cyber Defence combating this issue. No longer do passwords need to be the only gate stopping anyone from logging in as you. Just with the complexity of pressing a single button when logging in, all of the above methods hackers use can be defeated.
Actually combating MFA is an incredibly complex task, requiring skills and targeted focus that only the rarest Cyber-Attackers can muster, especially considering that defeating MFA would need personal effort and expensive resources.
Multi-Factor Authentication itself is a simple process: To log in, a person enters their username. Then their password. Then presses a button on their phone. That’s it. No matter how determined a hacker can be, if they don’t have your phone on hand, it doesn’t really matter if they have the passwords of everyone in your organisation.
These days, there are a lot of ways to set up MFA, based on what is convenient for you, or your business. Here’s a list of a few methods you could choose to set up. Any of them can be the silver bullet that defeats 99.9% of Cyber-Attacks.
- You could receive a 6-digit code via email when trying to sign in, which you then enter.
- You could have an app on your phone with a big button that you press when you log in.
- You could have a number that changes every 30 seconds that you can enter when you log in.
- Some people have a little device you can plug into your computer and press, which enters your MFA code.
- My personal new favourite is a secure website which sets up those 6 numbers for any service you have.
You don’t need a million keys. No new passwords to memorise. No hundred apps to set up. Just three seconds to press a button, and you’ve made your business a Cyber-Fortress.
If you’re curious about other alternatives you could consider to fortify your Cyber-Defences, here’s a blogpost on 11 of them!
So what does the future hold?
MFA used to be the new tool, the greatest tool, and it’s still very much the easiest patch to shore up Cyber-Defence, but time never stands still, not even for a single month. There is, and always will be, a new and upcoming tool to stop that highest tier of hackers from bypassing today’s best standards, one that companies which specialise in Cyber-Security push with everything they have.
Have you heard of Passwordless? 99.9% of Cyber-Attacks are blocked by MFA. The vast majority of breaches occur because of a stolen, or weak password. So why not just remove the password part, and keep the MFA? Nothing’s stopping it.
If you remove passwords entirely and rely on fingerprint or retina scans, Hackers can be left stumped on how to proceed. While fingerprint scanners are a bit of an investment, there are many easier methods to implement this. How about, instead of a password, you just have an app which shows 6 numbers that change every few minutes, which you use to sign in?
Just like MFA.
If you’d like some help setting up MFA, or have any questions about Cyber-Security, feel free to contact us, and set up a (free!) Consultation. If you’d like to find out more on what we recommend a new Start-Up should know, here’s another related post:
– Thanks for reading, Dylan IT Apprentice
Sources & Attribution
All statistics are gathered from the following sources