Authentication vs Insurance

Are you being forced into the multi-factor authentication market? Nick Evans, Partner Enablement Manager (US & Nordic Regions), SecurEnvoy, examines why this is happening

A trend that we are seeing in the marketplace is businesses being forced to investigate MFA (Multi-Factor Authentication) by Cyber Insurance providers. But why? Cyber Insurance vendors understand that large and enterprise-sized companies are no longer the only target for cybercriminals: the reality is that EVERYONE is a target. Everyone's at risk and it's no longer a case of IF, but WHEN, regarding cyberattacks. Insurance vendors don't want to leave themselves open to constant pay-outs to their policy holders, so demanding that MFA is in place will become the norm.

WHAT IS MFA?
'Authentication' in technology is the act of verifying that a user is who they say they are. Typically, this is a Username/Password scenario.

The problem with passwords is that they can be cracked easily. And once they’ve been cracked, they're distributed throughout the cybercriminal network.


WHAT ARE MFA FACTORS?
Factor 1 - Something you know (a Password/PIN/Security Question)
Factor 2 - Something you have (Hardware Token/One-time authentication code/SMS)
Factor 3 - Something you are (Biometrics - Fingerprint/Retina/Voice/Face)
Factor 4 - Somewhere you are - a known location (Home/Office).

WHAT CONTROLS NEED TO BE PUT IN PLACE?
Most carriers now require these MFA controls to be in place:

  • MFA for remote networks - There has been a massive increase in remote working due to Covid-19. (MFA for remote networks reduces the potential for a network security breach caused by a compromised password.)
  • MFA for admin access - This area is of massive importance; your business solution admins hold the keys to your business! (MFA for admin access limits an attacker's ability to access a compromised network.)
  • MFA for remote email access - There is so much detail in the data that is bouncing around in your emails.

PRESSURE TO EMBRACE MFA
Why are insurance carriers demanding that we have MFA, rather than recommending it?

Here’s what Microsoft say on this:
“By providing an extra barrier and layer of security that makes it incredibly difficult for attackers to get past, MFA can block over 99.9 percent of account compromise attacks. Knowing or cracking the password won't be enough to gain access.”

Passwords cannot be your only form of defence: hackers can crack your password and, within seconds or minutes, gain access to all services available to you. MFA provides a massive obstacle that needs to be put in place, so those criminals can't just walk into your house and take what they want - i.e., your data!

  • Microsoft and Google suggest that MFA can block over 99% of account compromise attacks
  • The Cyber insurance market is expected to grow by 21% in 2021, making it a $9.5 billion industry
  • 31% of cyberattacks are aimed at businesses with under 250 staff
  • Microsoft registers over 300 million fraudulent sign-in attempts, daily
  • 60% of your customers will think about leaving you, should a cyber breach ever occur and become public knowledge. 30% will walk away.

Is the loss of 30% of your business more or less than an adequate cyber resilience budget? And what about reputational damage as well? The loss of 30% of business is one thing, but what about the loss of future new business?