Multi-factor authentication is the easiest way to prevent breaches

Date: 2021-08-17
Author: Chin Jien Lau, Technical Consultant

Previous << Hardware Based PKI Webinar

The biggest headline-grabbing cybersecurity breaches often originate in North America and Europe, but as we all know cybercrime is a global problem, and the same commonsense approaches to cybersecurity are applicable around the world.

In the ASEAN region, where I lead the Versasec office in Malaysia, there have been many notable data breaches like Astro, a Malaysian satellite television and IPTV provider. In that hack, subscribers’ names and ID card numbers were leaked. In another well-publicized hack, information from around 30 million passengers including passport details, home addresses and phone numbers were stolen from Malindo Air, owned by Indonesian Lion Air Group, a Malaysian premium airline. In nearby Indonesia, the e-commerce platform Tokopedia suffered from the theft of information from 91 million accounts.

While this is a competition no one wants to win, Western Europe and North America certainly don’t hold the monopoly on hacks.

In the cases of cybercrime in my region, most hacks are attributable to phishing and password fatigue with users failing to change passwords or falling prey to hacker’s email requests. The human element is the most common source for cybersecurity breaches.

In the incidents I’ve cited, multi-factor user authentication (MFA) — and hardware-based MFA in particular — would have prevented the breaches. Hardware-based MFA takes security to the next level where users rely on more than just passwords. That means authenticating themselves based on multiple factors including “something you know,” such as a password or identification card number; “something you have,” such as an ID badge or smart token; and finally “something you are,” such as a biometric signature like a fingerprint or retinal scan information.

When coupled with a proper identity and access (IAM) system logging all authentication and access instances, companies that use MFA create a more robust ecosystem that allows access only to genuine users with verified access privileges. It also creates an audit trail of what users did while on the system, such as making system configuration amendments.

MFA would have prevented the breaches discussed earlier. The single factor stolen user PINs would have remained useless without the other access factors required, including the smart token and the biometric information.

What we’re also seeing in many parts of the world is that with MFA implemented correctly, many IT administrators are even disabling some well-entrenched password policies such as regular password expiration, which is one of the main causes of password fatigue.

Want to learn more about how Versasec can help with managing your MFA solutions? Drop us a line by clicking on the CHAT button here:

Photo by Luther.M.E. Bottrill on Unsplash

This post was first first published on Versasec Blog’s website by . You can view it by clicking here