Fraud’s Foe: How MFA Shuts the Door on Cybercriminals

By Greg Wagner | July 15, 2024

As cyber threats become increasingly sophisticated, securing user identities is paramount. Multi-factor authentication (MFA) is a formidable defense, requiring multiple verification methods to authenticate identity. This layered approach ensures that even if one credential, such as a password, is compromised, additional barriers thwart unauthorized access.

MFA Basics

The primary goal of MFA is to add additional layers of security, making it more challenging for unauthorized individuals to access a target system or data. Typically, MFA involves a combination of two or more of the following factors:

  • Something You Know: A password or PIN.
  • Something You Have: A physical device like a smart phone, smart card or security token.
  • Something You Are: Biometric verification such as fingerprints, facial recognition or voice recognition.

How MFA Shuts the Door

Cybercriminals depend heavily on compromised credentials to infiltrate systems and gain unauthorized access. However, even if a hacker obtains a password, MFA is a formidable barrier, requiring additional authentication factors. This reduces the likelihood of a successful breach by 80%-90%, bolstering overall security posture and safeguarding sensitive information.

According to the 2024 Verizon report, it takes less than 60 seconds to fall for a phishing email scheme and only 28 seconds to enter valuable data. With MFA, however, knowing the password is not enough. The attacker also needs access to the second factor, such as the victim’s phone or biometric data, which is much harder to obtain.

Credential stuffing involves reusing a leaked username and password pair to access multiple accounts. MFA nullifies this threat by requiring a second verification, so stolen credentials alone are insufficient.

Man-in-the-middle (MitM) attacks intercept communication between the user and server. This eavesdropping-on-overdrive attack threatens 95% of HTTPS (hypertext transfer protocol secure) servers. MFA can help thwart these attacks by ensuring authentication requires something that cannot be intercepted or duplicated easily.

Implementing & Adopting MFA

Implementing MFA can vary depending on the needs of a business and the sensitivity of its information. Here are a few steps to consider for effective MFA implementation:

Assess risks and identify needs. Understand the specific risks your organization faces and identify which systems and data require the highest levels of protection.

Choose appropriate MFA methods. Select MFA methods that balance security and user convenience. Biometrics, while highly secure, may not be feasible for all environments, whereas SMS-based codes, though easier to implement, may be less secure.

Educate and train users. Ensure all users understand the importance of MFA and how to use it correctly. Regular training and awareness programs can help mitigate user resistance and errors.

Monitor and adapt. Monitor the effectiveness of your MFA implementation continuously and be ready to adapt to new threats and technological advancements. Regularly update and patch MFA systems to address vulnerabilities.

Challenges & Considerations

While MFA is a powerful tool, it is not without challenges.

Users may find MFA inconvenient or difficult to use, leading to pushback and potential non-compliance. User-friendly options like fingerprint or facial recognition and push notifications can enhance usability. And a gradual introduction of MFA, starting with the most critical systems and working down, allows users to adapt to new security measures.

Setting up and maintaining MFA systems can be costly. Leveraging existing resources can minimize additional costs. Many cloud services and platforms also offer built-in MFA capabilities. Another way to keep costs under control is to choose scalable solutions to grow with the business.

Some older systems and applications may not support modern MFA methods, requiring additional investment in updates or replacements. Implementing incremental updates, incorporating third-party integrations for older systems, and developing custom solutions for specialized systems are strategies to overcome these challenges.

Armed with the arsenal of MFA, you can be ready to defend against the cybercrime onslaught, forging a path toward a safer, more secure digital future.

From This Issue

Insurance Journal Magazine July 15, 2024