The world is a lot smaller these days, with an ever-increasing interconnectedness. With this ease of connection, digital sharing, and online transactions, more and more sensitive data is exchanged. Yet, with the prevalence of data breaches in the news lately, it’s surprising that many companies are complacent about the level of security afforded to their users.
It would make sense that extra layers of security should be in place for safe transmission. Of course, both companies and users themselves need to actually implement those safeguards to see any benefit.
What is Multi-Factor Authentication (MFA)?
Multi-factor authentication requires more than two layers of verification to confirm user identity or account authorization. Often, this comes down to identifying or providing information that theoretically only the user would know.
A recent survey of 2,600 IT professionals revealed that about 38% of larger corporations do not use multi-factor authentication (MFA), and neither do 62% of smaller to mid-sized organizations. While password policies are often in place, 49% of the larger corporations felt the policies are insufficient, and 48% of small to mid-sized organizations consider theirs “good enough.” Those policies are what require users to have numbers or special characters included in their passwords to improve their strength.
How Do These Breaches Happen?
An inside look into the hacking world and the preyed-upon vulnerabilities occurs at the annual Black Hat Conference, held in July earlier this year. Thycotic summarizes much of the crucial information gathered from surveys of the attendants, which if used properly and proactively, should help inform some of the security strategy necessary to safeguard against many data breaches.
31% of 250 hackers surveyed at the 2017 Black Hat conference said that thefastest and easiest way to access sensitive data is through privileged accounts (those with administrative access), while 27% indicated email access was faster and easier.
Those surveyed also identified who is responsible for security breaches: 85% by humans, 10% from unpatched software, and just 5% from outdated or insufficient security technology. However, 73% also indicated that traditional firewalls and antivirus technologies are no longer a significant barrier to hackers anymore.
However, the biggest-named obstacles to hackers, according to those surveyed at the Black Hat conference, are Multi-Factor Authentication and Encryption.
Where Do Companies Stand in Light of This Data?
Part of the issue companies face is that there is no clichéd ‘one size fits all’ solution that can be easily implemented. As often the case, cost is often a deterrent for companies implement change, but with the significant prevalence of data breaches and security threats, many can see that justification as short-sighted. Another argument is that with the extra layers of security comes an extra layer of complexity that could burden a company’s current system by trying to align the two technologies.
However, companies have been slowly responding to security pressures to get onboard in establishing policy for multi-factor authentication. Around 2012, two-factor authentication was the solution to security threats, but hackers were quickly able to side-step the hurdle through other weaknesses. In 2013, 30% of organizations were then using MFA, and the following year, the numbers were up 7%. Stratistics MRC predicts we will see a compound annual growth rate of nearly 19% by the year 2022.
Risk Control Strategies Can Help
Risk Control Strategies (RCS) offers their services to the legal, corporate, and private sector. We understand the needs of each client can vary greatly, which is why we meet one-on-one to discuss and determine the best approach in preventative measures for your company, or even help during any phase of a current security breach. RCS provides a comprehensive menu of services, including Investigations, Business Intelligence, Physical and Cyber Security Services to ensure safety against internal and external threats.
Part of what makes RCS effective are the thorough audits and evaluations we perform on our clients’ systems. Not only do we perform initial audits to assess the appropriate level of security measures necessary, but we re-assess after specific periods of time to ensure whether the security measures in place can withstand current and anticipated threats, or if adjustments need to be made. RCS goes to great lengths to learn the nuances of our clients’ company culture and expectations, and designs the most cost-effective but optimal security strategy.
RCS has delivered quick responses to numerous IT incidents ranging in minor to major scale threat. Our extensive law enforcement and forensics experience lends itself to expert legal investigative services as well.
Risk Control Strategies (RCS) specializes in investigative, security, and business intelligence for legal, corporate, and private sectors. Our team of seasoned professionals are backed by decades with federal and state law enforcement agencies, conferring unparalleled expertise and care with each assignment. Explore our website, or visit our contact page and reach us directly to learn more.