Cyber attacks against businesses large and small are on the rise as hackers devise new ways to access and steal data. From ransomware to distributed denial of service (DDoS), two facts are of particular concern:
- The credentials used, most commonly passwords, are responsible for 61% of data breaches.
- Almost half of all cyber attacks target small and medium-sized enterprises (SMEs) which are less well equipped to recover from the damage.
Because SMBs inherently lack the cybersecurity resources of large companies, they are seen as a handy fruit by cybercriminals. And the consequences of a data breach for an SMB can be devastating and long-term: Most SMBs are unable to recover from an attack, and 60% file for bankruptcy within six months of a breach.
A new statistic is hopeful: According to a recent study, organizations that use multi-factor authentication (MFA) are 99.9% less likely to experience a breach than those that don’t. Yet while most IT decision-makers are aware of the threats, around 67% of pen-tested companies in 2020 don’t use MFA for any of their connection points.
So why aren’t more SMBs using multi-factor authentication? Is resistance to AMF due to misunderstanding, misinformation or the perception of a downside? And how can it be overcome? We’ll explore the benefits, challenges, and common misconceptions of MFA regarding SMEs using MFA, but first, an introduction to MFA:
What is MFA and how does it work?
MFA is a method of protecting an access transaction by using several (often two) factors to verify the identity of a user. MFA, aka Two-Factor Authentication (2FA), goes beyond vulnerable password authentication by requiring two or three forms of identity:
- Something that you are– biometric data such as facial recognition, fingerprints, retinal print or even speech and typing patterns.
- Something you know—Passwords or facts about your life or family history.
- Something that you have—A device you have, such as a phone or a security key.
How the AMF works:
- A user logs in with their password (something they know).
- The user is invited to satisfy the second factor he has chosen, which can take the form of: