Cybersecurity Denial and Cure
Author: Will Houry, VP of Sales
Many small and medium-sized enterprises (SMEs) give a range of reasons for being less concerned about cybersecurity than their larger cousins, but the truth is they should be just as worried. One of the easiest and most secure forms of cybersecurity is PKI-based multi-factor authentication (MFA), yet time and again the lack of this basic measure gives hackers easy access.
Here are the top 5 reasons companies give for shying away from MFA, and some of our counterarguments:
1. Implementing MFA is overkill for us. It’s more sophisticated than we need. Everyone in our organization already has a smartphone, so we can get by using a One Time Password (OTP) app instead.
- While this argument may have been valid several years ago, it has since been well established that OTP is not secure enough today. Short message service (SMS) OTP is now used far less frequently because of the risk of SIM swapping, or even interception, since the communication is not encrypted. OTP generated by a proprietary app is better but could still be intercepted by a malware application.
- User convenience also must not be underestimated. Performing an OTP authentication to access each application is an extra step for the end user, which often has a negative impact on user experience and efficiency.
2. We don’t have the bandwidth/budget to implement PKI/multifactor authentication...
- When you consider cost per user, MFA is quite cost effective. Many businesses will realize a discount on their insurance by implementing MFA, too.
- If implementation feels daunting, enlist a trusted partner and use a solution to manage the system once it’s in place. You will sleep better at night knowing your data is protected.
3. We are looking at other technologies/Having X is enough/My firewall is protected and we use complex passwords...
- Certainly there are other technologies, but MFA with hardware-based PKI is the only cybersecurity solution on the market today that delivers the highest level of security cost-effectively across many different use cases, such as domain logon, remote authentication, digital signature and encryption.
- Closing the perimeter with a good firewall is a start, but it’s not enough. A Forrester report highlighted that 83 percent of organizations that lack a mature Identity & Access Management (IAM) system are exposed to more expensive breaches. The same report showed that the risk of breaches drops by 50 percent at the most mature organizations compared to the least mature.
- Complex passwords are still exposed to brute force and phishing attacks. They are also inconvenient for end users. Not surprisingly, the risk of password reuse for both private and professional use is very high.
4. Aren’t PKI devices old technology?
- Like many technologies, PKI technology is continually evolving, with applications including smart cards, USB tokens, mobile devices, virtual smart cards and Windows Hello for Business containers. Hardware-based PKI is still the most secure and reliable technology today.
5. My information is not important/The business is too small for anyone to try to steal our data
- How small is too small for a hacker to bother? A ransomware attack that nets a hacker even a few thousand dollars might be considered worthwhile to someone living in a third-world country.
- Two in three SMBs feel they are not vulnerable to attack, while a Ponemon Institute and Keeper survey from the year before showed that two in three SMBs had, in fact, been targeted by breaches.
Are you or others at your organization suffering from cyber denial? If you need help talking through any of these issues with the decision makers at your company, give us a shout here (and click the CHAT button). We are happy to help you make the very justified case for PKI-based MFA at your organization.