What is multi-factor authentication? Multi-factor authentication is a method of access control which requires a user to have two of the three factor categories: Knowledge – passwords; Possession – token or card; Inheritance – biometric. While there is not currently any regulation or requirement for system-wide multi-factor authentication, it is a growing best practice. Many areas of regulation or guidance, such as Health Insurance Portability and Accountability Act (HIPAA) or Payment Card Industry – Data Security Standards (PCI-DSS), encourage or require multi-factor authentication for remote network access.
The number of cybersecurity issues over the past five years continues to increase. More and more sensitive information is being compromised due to poor password controls. Phishing scams and malware outbreaks get more sophisticated and pervasive all the time. These types of threats commonly result in user passwords being compromised. Other reasons to consider multi-factor authentication:
- Many of the well-known data breaches from 2014 could have been avoided if the entity had a multi-factor authentication solution in place for the system housing sensitive information.
- Identity theft is the fastest-growing type of crime, now more profitable than drug-related crimes.
- Even if an organization employs vulnerability tests, anti-virus systems and advanced firewalls, lack of user authentication still leaves a company vulnerable to hackers.
According to the Verizon 2014 Data Breach Investigations Report, there were 1,367 confirmed data breaches and 63,437 security incidents in 2013 (these only account for incidents that were officially reported). Of the 1,367 breaches, the majority are precipitated external sources.
The next figure demonstrates the movement of different threat actions over the past three years. As you will see, “Use of stolen credentials” has risen to the top of the threat list.
For more information about multi-factor authentication and information security risks, please contact Jason Miller, Director of Technology Consulting at Dean Dorton.
Jason Miller
jmiller@ddaftech.com
(859) 425-7626