A recent study conducted by Osterman Research revealed that while the adoption of multifactor authentication (MFA) is on the rise due to the increasing threats related to identity security, many organizations are still lagging behind in implementing this crucial security measure. The study, which surveyed cybersecurity professionals from over a hundred US-based organizations, found that a significant number of respondents admitted to not protecting “every employee and every app” with MFA.
The alarming fact is that almost eight out of every ten respondents reported being compromised in one or more types of identity attacks in the past 12 months. Despite the clear need for stronger security measures, only a small percentage of organizations have fully implemented MFA across all their employees and applications. This lack of robust protection leaves organizations vulnerable to cybercriminals who are becoming increasingly sophisticated in their methods of stealing and abusing compromised credentials.
According to Michael Sampson, principal analyst at Osterman Research, cybercriminals are now focusing more on stealing authorized access through compromised credentials rather than attempting to hack into systems directly. This shift in tactics has made it imperative for organizations to prioritize the adoption of more secure MFA methods to prevent unauthorized access to sensitive data.
The study identified several factors that are contributing to the challenges in maintaining effective identity security, including the growing complexity of IT systems, the use of artificial intelligence by cyber adversaries, and the lack of cybersecurity expertise within organizations. Additionally, a significant number of respondents highlighted the difficulty in detecting and stopping identity attacks in real-time, further emphasizing the urgent need for stronger security measures.
Experts emphasize the importance of enforcing stronger forms of MFA that do not rely on easily phishable codes, such as hardware keys based on the FIDO approach. Despite the availability of other identity security practices like Single Sign-On (SSO), Zero Trust Architecture (ZTA), Identity and Access Management (IAM), Privileged Access Management (PAM), Role-Based Access Control (RBAC), and Just-in-Time (JIT) provisioning, MFA remains a critical and adaptive security measure for safeguarding access and identities.
The study also highlighted the growing acceptance of MFA as a mandatory security requirement, with major global IT companies like Microsoft, Google, AWS, Apple, and Salesforce either mandating or considering the mandate of MFA for all users. This shift towards stronger security measures underscores the importance of proactive measures to protect against identity threats and prevent unauthorized access to sensitive information.
In conclusion, the study’s findings serve as a stark reminder of the pressing need for organizations to prioritize the implementation of robust security measures like MFA to safeguard against the evolving threats related to identity security. By adopting stronger and more secure authentication methods, organizations can better protect their assets, data, and reputation in an increasingly volatile cybersecurity landscape.