Why do all enterprises need multi-factor authentication?


By Nandan Bhatkal

Remote work in India has increased five-fold compared to February 2020 due to the Covid-19 situation. Organizations are trying to do their best to ensure business continuity in these trying times, when business as usual is out of the question. As remote work has increased five-fold, the rate of increase of cybercrimes is not far behind, at 250%. Evidently, cyber attackers are trying to exploit the loopholes in the remote access mechanisms followed by enterprises, most of which were suddenly and hastily implemented.
A Virtual Private Network (VPN) is one common mechanism that many organizations have used to enable their employees to work from home. It is easy to implement and provides a private, secure tunnel for accessing corporate data and applications. But without security optimization features, a VPN might open doors for some serious cyberattacks. One such important security optimization feature is multi-factor authentication (MFA).

Adding one more step to the process of authenticating your users’ identity makes it harder for an attacker to access your data. MFA drastically reduces the chances of fraud, data loss, or identity theft, thus significantly reducing exposure and risk to the business. MFA primarily prevents any attack that results from a malicious actor obtaining or guessing the user’s credentials. This can include a wide range of cyberattacks, though most commonly it encompasses phishing/spear phishing attacks, automated credential stuffing, and guessing attacks. In fact, MFA prevents more than 96% of bulk phishing attempts and more than 76% of targeted attacks, according to Google.
Some more important reasons why MFA is a must in remote access solutions are listed below:

Regulatory Compliance:
Certain industries, like pharma and banking, are generally subject to strict data security regulations, while other industries may not have such strict measures. But invariably all industries are regulated, and multi-factor authentication is one common feature of all modern regulations. PCI DSS, PSD, HIPAA, NIST 800-171 and RBI are some of the important regulations which have mandated multi-factor authentication in their respective industries.

Consistent Security for both – On-prem and Cloud apps:
Enterprise digital transformation has been highly accelerated by the cloud benefits of fast deployment, scalability and pay-per-use economics. Often, for enterprises which use a combination of on-prem and cloud applications, there is an inconsistency in the way a user accesses each application, resulting in poor user experience. By implementing multi-factor authentication, enterprises can overcome this problem: with MFA, logging on to the VPN would follow the same process as logging on to other business applications such as collaboration tools and email applications.

Strong control over endpoints:
Implementing multi-factor authentication gives enterprises bird’s-eye visibility into all endpoints. The security posture of all endpoints, even of BYOD devices (personal devices of users), can be monitored, and access can be provided or denied based on it. Detailed audit logs on who accessed what, when and how, and whether the access had any risk associated with it, can all be provided when multi-factor authentication is implemented.

Granular access controls:
MFA solutions give enterprises the ability to define security policies in terms of who can access what resources and what can be done with that access. Dynamic granular access policies can be formulated by taking these factors into consideration: who, what, when, where, why and how. The strong security provided by such granular access policies can help organizations minimize the possibility of cyberattacks originating from remote user endpoints.

Prevention of identity theft:
Identity theft is reported as the topmost security concern among Indians, and is on the rise because of the significantly higher level of remote work over the last few months due to the pandemic. The possible malicious activities that can be carried out using a stolen credential are endless and, to make it worse, there are chances that an identity theft may remain undetected forever. The most effective way to prevent identity theft, and in turn a multitude of cyberattacks, is by implementing multi-factor authentication.

Thus, multi-factor authentication is not an optional security feature anymore, but an essential feature which organizations cannot do without. Multi-factor authentication can perhaps be considered the first step towards password-less authentication, which is already extensively adopted and practiced by many enterprises. One layer of protection in the form of a password cannot be considered an authentication measure anymore, as cyberthreats have evolved so much since the days when a single password actually provided authentication. The ongoing, widespread and sustained remote work resulting from the Covid-19 pandemic almost mandates multi-factor authentication to mitigate the cyberattacks originating from remote endpoints.

(The author is VP – Enterprise Solutions at Accops Systems)

