Cyber-attacks have become even more alarming for organizations of all sizes. In a recent event, hackers attacked the second subsidiary of Singapore Telecommunications Ltd (Singtel), the company said, raising questions about whether the Southeast Asian telecom giant was being targeted.
In a filing with the Singapore Exchange, Singtel included a statement from Dialog, an Australia-based IT services consulting company it acquired in April, confirming that “an unauthorized third party may have accessed company data”.
The unauthorized access was detected on September 10, and on October 7 it was discovered that “a very small sample of Dialog’s data, including some employee personal information, was published on the Dark Web, ” the company said.
Read more on: Second Australia-based Singtel subsidiary hacked.
The impact of these cyber-attacks and the potential aftermath can be costly, operationally devastating, and have long-term ramifications. With the theme “See Yourself in Cyber” for 2022, Cybersecurity Awareness Month, now in its 19th year continues to build momentum and impact co-led by National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA).
Let’s talk about MULTI-FACTOR AUTHENTICATION (MFA) on how it can best safeguard your systems and data in the current cyber threat landscape.
WHAT IS MULTI-FACTOR AUTHENTICATION (MFA)?
Multi-factor Authentication (MFA) is an authentication technique that requires you to validate your identity with multiple verification procedures, including answering security questions and presenting proof of identity and biometrics. MFA requires additional credentials rather than the standard username and password to authenticate the user and provide access to a system, network, account, or website.
For example, when using your debit card for any monetary transactions you usually receive notifications via email or text message, or OTP to verify the legitimacy of the transaction or to prove that you are who you say you are. You may or may not know but these actions are already part of Multi-Factor Authentication.
Fundamentally, Multi-Factor Authentication (MFA) offers an extra layer of security that we all need to protect ourselves and our organizations from cyber-attacks.
Multi-Factor Authentication methods include:
There are three main categories of identification that can be used for Multi-Factor Authentication
- Something You Know – Identification that we typically use, such as passwords, PINs, security questions, etc.
- Something You Have – Any valid proof that you have that can prove you’re you, such as a driver’s license, passport, hardware tokens, soft token, etc.
- Something You Are – Also known as biometrics, for example, fingerprint, voice, and facial recognition.
Multi-Factor Authentication (MFA) can be done through SMS/Text messages, Phone calls, Email, Biometrics, and Security questions but these can vary in security level/ and complexity of your system.
Multi-Factor Authentication (MFA) can help prevent some of the most common cyber-attacks
Learn how MFA protects us against cyber-attacks, and find out how it works:
- Phishing
- is a type of cybercrime in which a target or targets are approached via email, phone, or text message by someone posing as a reputable organization to trick people into giving sensitive information including passwords, banking, and credit card information.
- Spear Phishing
- a type of cyberattack, to target individual victims’ devices with malware or steal their account details or financial information. Attacks using spear phishing are incredibly successful, hard to stop, and highly targeted.
- Keyloggers
- Keyloggers are a particularly sneaky kind of spyware that may record and collect human input on a device, including multiple keystrokes in succession. But keyloggers also offer thieves the ability to spy on you, observe you on your system camera, or hear on the microphone on your smartphone.
- Credential Stuffing
- is a cyber-attack in which credentials gained from a data breach on one service or organization are used to attempt to log in to another unrelated service.
- Brute Force & Reverse Brute Force
- Brute Force attack is a type of hacking method that uses trial and error to crack passwords or any other login details. In contrast, a Reverse Brute Force attack is an indiscriminate attack in which the hacker tries one password or PIN on as many accounts as possible.
- Man-in-the-middle (MITM)
- a cyberattack known as a “man-in-the-middle” (MITM) occurs when a threat actor inserts himself between two parties, often a user and an application, to intercept their communications and data transfers and exploit them for illegal activities like hacking or making illicit purchases.
How does Multi-Factor Authentication (MFA) defend against cyber-attacks?
Enabling Multi-Factor Authentication makes it more difficult for cybercriminals to log into your systems and access personal and company data fraudulently. This adds an extra layer of security on top of simply logging in with your traditional username and password.
Benefits of having Multi-Factor Authentication:
Offers greater security
Increased security posture is one of the main advantages of MFA. Multiple cyberattacks, including phishing, brute force, man-in-the-middle, credential stuffing, and keylogging are addressed by MFAs.
Minimizes legal risks
MFA lessens the possibility of system outages and cyberattacks, preventing breaches that can result in legal action being taken against you or your business.
Reduces the impact of password offenses
Today’s cyber landscape has become challenging to practice good password hygiene across all services. Password reuse and weak passwords are highly common because customers and employees must manage several user credentials every day. Having MFA gives users a safe backup option for protecting their data.
Improves usability
With MFA users can now employ advanced hardware features on their phones, such as the fingerprint scanner, to verify themselves rather than just typing in the login credentials. Thus, it improves the user experience and saves time at the same time.
Easy to implement
Multi-factor authentication is non-intrusive. It has no impact on an organization’s or institution’s other virtual spaces. Additionally, you or your employees can utilize MFA because of its straightforward user interface.
Implementing MFA properly allows us to safeguard against malicious actors and our tendency to misuse passwords.
Final Thoughts
Multi-Factor Authentication cannot ensure that all cyber-attacks will be stopped. However, it can assist in securing email access, safeguarding your sensitive data, and reducing credential theft.
KEY TAKEAWAYS
- When it comes to MFA has many possibilities, some of which might not work for you and your staff. A smart method to approach training is by involving your team in the implementation process, learning what works for them, and having them test several possibilities. By involving them early on, you can promote positive engagement.
The information security industry considers several MFA techniques to be outdated since they are simpler to counter, like codes given by SMS. SMS notifications can be intercepted and delivered to an unauthorized recipient. It is preferable not to have a notification if SMS is the sole option.
The finest MFA practices of today might not be the best MFA practices of tomorrow. The cyber security threat landscape is dynamic and ever-changing. As a result, organizations need to undertake regular assessments to ensure that MFA technology continues to suit individual and organizational needs.
As an individual in this current cyber threat landscape, it is preferable to use and utilize Multi-Factor Authentication to prevent hackers from retrieving your data. With the necessitating increase in security against cyber-attacks Multi-Factor Authentication is one of the basic ways you can secure your information.