Recently, I was conversing with former FBI agent and author of The Secret to Cyber Security, Scott Augenbaum, after a virtual conference. We discussed the wave of ransomware attacks and breaches we are seeing. One thing we both agreed upon is that a large percentage of those attacks could have been prevented. While some are very sophisticated attacks, like the recent SolarWinds supply chain attack, those are minimal compared to the ransomware attacks that wreaked havoc on companies this past year.
We’ve seen a White House executive order highlighting the threat and the actions required to minimize risk. The thing is… the core prevention measures haven’t changed much since Scott’s book was published in 2019 (or even prior to that!).
Multi-factor authentication (MFA) on remote access and email accounts isn’t new and has been proven to prevent 99% of unauthorized logins to systems. This is critical because the lion’s share of ransomware is executed after an unauthorized login rather than an attacker exploiting a vulnerability or “hacking” into a system. They are simply logging in with valid credentials; MFA can stop this!
Let’s agree we’re making this too easy for attackers and commit to action on this “Secret of Cyber Security” – put MFA in place for your business before it’s too late! There’s a reason the executive order mentions MFA five times – this is a critical step for protection.
Remember the massive and sophisticated Colonial Pipeline hack that disrupted gasoline supplies across the East Coast? Would you be surprised to know it started with a single account that did not have multi-factor authentication? To me, that didn’t come as a surprise at all!