As our organizations and the IT infrastructures we use are continually evolving, the ways in which they can become vulnerable are equally changing. In recent times, the occurrence of security breaches and the levels of sophistication they have reached is an increasing worry for modern day organizations. Large scale attacks such as the SolarWinds Orion software breach, a Florida city water supply hack that had the potential to poison and more recently a Microsoft Exchange hack are a serious warning to the importance of having a strong cybersecurity strategy – no matter how big or small an organization.

A common theme in recent breaches is the effects of internal processes and the external consequences that they can have, both on an organization and its customers. While a shared password jeopardized the health of hundreds of individuals in a Florida city, the hugely debated SolarWinds hack resulted in high-profile customers downloading infected software – breaching sensitive data as a result of a cascading supply chain attack. Although there are many questions still unanswered, SolarWinds’ use of a weak password and the controversy it has caused, though not directly linked to this breach, have been the center of discussion regarding their cybersecurity posture.

Strong Authentication Should Be Part of Your Organization’s Culture

The somewhat famous “solarwinds123” update server password is one that has been under the spotlight for the organization. While it is important to remember that the password was not  reported to have been connected to the breach, it highlights how poor security that may appear obvious is often overlooked in large organizations if a culture of strong authentication is not widely implemented. The major SolarWinds breach revealed this internal password issue, which was likely to have been seen as something insignificant within their overall cybersecurity strategy. Therefore, it goes without saying that large scale threats can bring supposedly trivial errors to the surface and cause harm to an organization and its customers.

No matter who set the weak password in this case, the importance of only authorized users having access to such vulnerable systems is strongly highlighted here and illustrates the need for a risk-based, layered security approach that moves beyond weak, single, reused or shared passwords to multi-factor authentication (MFA). The need for this runs throughout an entire organization, both practically and culturally.

Safeguard Your Organization and Customers Alike With Multi-Factor Authentication

While remembering that there is no silver bullet for such attacks, it is important to understand that the use of MFA is a fundamental cybersecurity approach that further secures sensitive data and mission-critical systems, and adds an extra layer of protection to shield organizations from security breaches. Wide-spread MFA implementation is important in protecting access to an organization’s network and resources – whether it be for employees, customers, partners or other applications.

How Do MFA Solutions Work?

MFA works against security breaches by using multiple authentication factors that are mutually independent – securing only authorized access to networks, systems, applications, data, digital signatures and encryption. MFA is based on the understanding that passwords are not enough to secure such valuable resources, and they deliver a poor user experience.

Solutions can provide:

• Authentication to workstations
• Remote access
• Transaction verifications
• PKI login
• Email encryption
• Electronic signature
• Application-to-application authentication

We can see from recent advanced persistent attacks (APT) that it is not just end user access that can be impersonated and replicated, but applications and systems too – which are somewhat harder to trace. As well as ensuring that such access cannot be impersonated by an individual, strong authentication can improve the protection for application-to-application access through the use of PKI authentication over authorization frameworks such as OAuth2.

Versatile and Convenient MFA Solutions

Organizations are all different, and as such, their security vulnerabilities and suitable authentication methods will be different too. That is why the right MFA solution needs to be versatile and convenient depending on an organization’s specific security requirements. An MFA offering such as HID’s Authentication Platform encompasses multiple solutions for both enterprise and consumer solutions to protect a wide breadth of end users and applications, and among other thing, includes a large range of authentication methods to choose from:

• Physical: hardware tokens, Bluetooth tokens, USB keys with PKI or FIDO, smart cards with PKI or FIDO (such as Crescendo^®)
• Digital: out of band, digital certificates, virtual smart cards, soft tokens, push authentication (such as HID approve mobile app)
• Advanced security factors: threat detection, behavioural analysis, biometrics, fraud detection

As well as including support for a plethora of authenticators, HID’s Authentication Platform provides an adaptive risk engine, account recovery mechanisms, identity vetting, credential provisioning methods and consent management. Our solution also supports OAuth2 Clients with PKI, ensuring protection for both end users and applications. MFA implementation doesn’t have to involve huge investment, as it can provide the opportunity to leverage existing security processes.

Passwordless MFA Improves Problematic Password Cultures

Strong cybersecurity is all about clear accountability of who is accessing what within an organization, yet it is hard to get a clear idea of where assets could be compromised and detect threats if weak passwords are being used. For this reason, passwords are vulnerable to breaches in more ways than just being easier to guess or be shared. Internal policies must be put in place and culturally embraced through MFA, ensuring users log in with their own user IDs rather than sharing accounts.

For some organizations, falling into the trap of password sharing is easily done due to the inconvenience of memorizing multiple passwords. However, the right MFA solution solves this by facilitating an easy, passwordless authentication experience through factors such as smart cards, security keys, biometrics and more. An MFA solution such as HID’s DigitalPersona used with Crescendo credentials gives users the tools to seamlessly log in with MFA without having to memorize passwords – enhancing security by removing the risk of users writing down their passwords.

Strong Security Starts From Within

The stories of recent attacks are ones that illustrate internal issues and their external impacts, where we learn that handling security poorly inside will impact both internal networks and customers.

Today, MFA must play a key role in any organization’s cybersecurity approach and remain at the heart of a transition towards passwordless authentication. There are many options to craft an MFA solution that works with your organization to protect it from threats, all while providing a convenient user experience. To find an option that fits your needs, explore HID’s full multi-factor authentication solution.

Get the latest blogs on identity and access management delivered straight to your inbox.

Milan Khan is a Product Manager within the Identity and Access Management Solutions business area at HID Global. Responsible for the HID Cloud Authentication Service, he’s successfully launched the product and continues to champion the improvements. Milan has worked within the IT security industry for over 16 years, primarily in customer-facing roles, understanding customer needs and drivers. He is keen to solve customer’s identity, access and authentication problems while innovating and improving customer experience.