How to prevent phishing attacks with multi-factor authentication


Phishing takes advantage of the weakest link in any organization's cybersecurity system: human behavior. Phishing attacks are typically launched via email, although some opening salvos have begun to use text messages or phone calls.

In the most common scenario, an email arrives that supposedly comes from HR or IT, for example. It looks like any other business email and advises the recipient to update their personal information or IT profile by clicking a link or opening an attachment. When the person does so, they are asked to enter personally identifiable information, such as their date of birth, full name, social security number, and passwords. This allows a bad actor to take over their account and steal their identity, and it can also be the initial stage of a ransomware attack that locks the entire company out of its IT systems.

According to countless simulated phishing tests conducted by security training provider KnowBe4, one-third of any employee base is classified as prone to phishing. Once trained in phishing scams, 17.6% still tend to be fooled by cybercriminals' latest tricks. By continuing to educate users on security scams and phishing for a year, that number drops to 5%. In other words, it is unlikely that any organization will be able to completely eliminate intrusions caused by phishing attempts. This makes it very clear why every organization needs to implement multi-factor authentication (MFA).

How multi-factor authentication works

One of the best defenses against credential-stealing phishing attacks is multi-factor authentication. MFA imposes an additional step that people must complete before they are allowed access. Therefore, even if cybercriminals obtain an account's password, they cannot cause damage because they lack the additional factor needed to gain access.

MFA introduces one or more additional security factors into the authentication process, including: something you know (i.e. a password), something you have (a phone or email account that receives a code), and/or something you are (a fingerprint). By requiring a second device that receives the code, or a biometric check, MFA makes it difficult for credential thieves to bypass those security factors.

If someone clicks on a malicious link and their credentials are stolen, MFA provides another verification point that the threat actor cannot access, whether through SMS, email verification, or through an authenticator app.

For the end user, this means they will need to provide a biometric identifier on their device or laptop, or receive a code via text message or an authenticator app on their phone. This usually takes only a few seconds. The only drawback may be a delay in the code arriving.

However, keep in mind that threat actors have stepped up their game by finding ways to compromise MFA credentials. According to an alert from the Cybersecurity and Infrastructure Security Agency:

“[I]n a widely used phishing technique, a threat actor sends an email to a target that convinces the user to visit a website controlled by the threat actor that imitates a company's legitimate login portal. The user sends their username, password and the 6-digit code from the authentication application on their mobile phone.”

CISA recommends using phishing-resistant MFA as a way to improve overall cloud security against phishing attacks. There are several ways to achieve this.

Choosing the best MFA solution for your business

Any type of MFA will help protect cloud data from a phishing attack. Consumer MFA typically uses a code sent via text message. However, threat actors have found ways to trick users into sharing those codes. Additionally, users are left vulnerable if they don't set up MFA on all of their apps and devices, or if they disable MFA entirely. Therefore, it is vital that organizations prefer phishing-resistant MFA and include two or more layers of authentication to achieve a high level of protection against cyberattacks. Here are some of the characteristics to look for in MFA candidates:

Code sharing

Code sharing works by sending a text message to a mobile phone or a code to an authenticator app on that device. Although code sharing alone is not enough, it is a good start.

Fast ID Online (FIDO)

Fast ID Online (FIDO) leverages asymmetric cryptography, in which separate keys are used to encrypt and decrypt data. FIDO authentication works in two ways: through separate physical tokens, or through authenticators built into laptops or mobile devices.
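As an added example (not part of the original article), here is the relying-party verification logic for the two kinds of factor this article contrasts: a shared 6-digit TOTP code, which the server accepts no matter which site the user typed it into (the scenario in the CISA alert quoted above), and a FIDO-style origin-bound challenge/response, where the browser records the origin it actually reached and the server rejects anything signed for another site. Assumptions: the origins and secrets are constructed sample values, and a keyed HMAC stands in for the authenticator's private-key signature so the block runs with the Python standard library only.

```python
import hashlib, hmac, json, struct

RP_ORIGIN = "https://login.example.com"       # constructed: the real login portal
LOOKALIKE = "https://login.example-com.test"  # constructed: look-alike site from the CISA scenario

# Factor 1: code sharing. TOTP (RFC 6238) built on HOTP (RFC 4226), as an authenticator app does.
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    # The server only compares digits; nothing tells it which website the user typed them into.
    return hmac.compare_digest(totp(secret, unix_time), submitted)

# Factor 2: origin-bound challenge/response in the style of FIDO/WebAuthn.
# HMAC with the credential key stands in for the authenticator's private-key signature (assumption).
def sign_assertion(cred_key: bytes, challenge: str, browser_origin: str):
    # The browser, not the user, records the origin it actually connected to.
    client_data = json.dumps({"challenge": challenge, "origin": browser_origin},
                             sort_keys=True).encode()
    sig = hmac.new(cred_key, client_data, hashlib.sha256).hexdigest()
    return client_data, sig

def verify_assertion(cred_key: bytes, expected_challenge: str,
                     client_data: bytes, sig: str) -> bool:
    data = json.loads(client_data)
    if data.get("origin") != RP_ORIGIN:               # signed for another site: refuse
        return False
    if data.get("challenge") != expected_challenge:   # stale or replayed response: refuse
        return False
    expected = hmac.new(cred_key, client_data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)

def relying_party_decisions(totp_secret: bytes, cred_key: bytes, now: int, challenge: str) -> dict:
    # Both factors are completed on the look-alike site and forwarded unchanged to the real portal.
    relayed_code = totp(totp_secret, now)            # the digits the user read from their app
    client_data, sig = sign_assertion(cred_key, challenge, LOOKALIKE)  # origin the browser saw
    return {"code_accepted": verify_totp(totp_secret, relayed_code, now),
            "assertion_accepted": verify_assertion(cred_key, challenge, client_data, sig)}

if __name__ == "__main__":
    print(relying_party_decisions(b"12345678901234567890", b"credential-key", 59, "nonce-1"))
    # -> {'code_accepted': True, 'assertion_accepted': False}
```

The TOTP secret and time value are the RFC 6238 SHA-1 test vector, so the 6-digit code can be checked against the RFC's own tables.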

NFC

NFC stands for near-field communication, a short-range wireless technology built into physical authenticators such as a phone, USB security key, or key fob. Some methods also use a security chip embedded in a smart card.

Recommended MFA Solutions

There are several enterprise-level MFA solutions available.

PingOne MFA

In addition to standard MFA features such as one-time passwords and biometrics, PingOne uses dynamic policies that IT can use to streamline the authentication process and integrate authentication into business applications.

Cisco Duo

Cisco Secure Access by Duo offers a wide range of out-of-the-box integrations, a simple enrollment process, and convenient push authentication features. It is one of the most deployed MFA applications.

IBM Security Verification

IBM's MFA offering integrates with many security tools and IBM products, making it a good choice for companies that prefer IBM tools. It offers both cloud and on-premises versions, as well as adaptive access and risk-based authentication.
