Gallagher Re’s recent Cyber Focus report, from July 2024, looks at multi-factor authentication (MFA), saying such measures are a crucial defense, but that companies must also provide education to help mitigate the risk of successful MFA bypass attacks.

Entitled Multi-Factor Authentication: Moving from ‘do you use it?’ to ‘how is it applied?’, the report states that a well-implemented MFA system can neutralize opportunistic attacks and significantly reduce the risks associated with targeted attacks.

“MFA has become the star security control for securing online accounts in recent years, representing a crucial defense against a rising wave of attacks on cloud-based identities. However, this very success has also made MFA a prominent target for threat actors,” they write. “Recent threat actors’ attention has focused on circumventing or undermining MFA security controls. Gallagher Re has observed this shift taking place in cyber insurance claims data.” 

Bypass tactics 

The report goes on to discuss MFA bypass tactics, recent high-profile cyberattacks and the susceptibility of different MFA technologies to various kinds of bypass tactics. “Understanding the relative exposure of different policyholders to these threat actor techniques enables more informed pricing and decision making.” 

Among the report’s recommendations, its authors point out that even simple MFA is better than no MFA at all. The report also says MFA needs to be enforced and present on all login attempts, particularly on high-value accounts such as administrator and service accounts that are typically targeted. Finally, the authors say providing up-to-date education about current phishing and bypass attack techniques is also a best practice.

“Emerging MFA workaround techniques by attackers also serve as a pertinent reminder to cyber underwriting teams that constant adaptation of underwriting practices is needed to insulate portfolios from evolving threats,” they conclude. “By understanding the details of how MFA is implemented across portfolios, insurers can make more informed decisions on the susceptibility of policyholders to emergent attack types.” They also conclude that insurance can play a role in educating policyholders.