CyberSecurity SEE

The Importance of Choosing Authentication as a Business-Critical Decision


The COVID-19 pandemic has forced organizations worldwide to adopt remote work arrangements, and many of them have no plans to return to the traditional office setting. While remote work offers numerous benefits, it also comes with increased risks and a wider attack surface. The widespread use of remote access technologies and the rapid growth of cloud usage contribute to the heightened risk of credential theft.

Credential theft occurs when malicious actors steal usernames and passwords, enabling them to infiltrate a company’s network and gain unauthorized access to sensitive and mission-critical data. Since these threat actors often appear as legitimate users, security breaches resulting from credential theft can go undetected for extended periods.

Managed service providers (MSPs) are particularly susceptible to these threats, especially when onboarding employees with limited experience in safeguarding login credentials. It is essential for MSPs to prioritize these risks and provide their end-users with the necessary tools to minimize these threats, whether they arise from social engineering, hacking, credential stuffing, or brute force attacks.

To combat the risk of credential theft, the Cybersecurity and Infrastructure Security Agency (CISA) recommends the use of multifactor authentication (MFA). MFA is a layered approach to data and application security that requires users to provide multiple credentials to verify their identity during login. By combining two or more different authentication factors, such as passwords, hardware keys, or biometrics, MFA significantly reduces the chances of unauthorized access even if one factor is compromised.

Many experts consider MFA, especially in the form of time-based one-time passwords (TOTP), the most effective method for securing IT systems against cybercriminals. TOTP requires, in addition to a password, a temporary code derived from a shared secret and the current time that is valid only for a short window. Because TOTP is an open standard supported by most authenticator apps and hardware tokens, its interoperability allows MSPs to support their customers with a single technological solution, improving credential security for organizations of all sizes.

However, TOTP has its limitations, particularly regarding phishing attacks. Phishing sites traditionally aimed to collect usernames and passwords, but they have evolved to automate the process of forwarding the captured credentials, including the one-time code, to the legitimate site and redirecting victims there once they have logged in. This automation, made possible by tools like Evilginx, poses a significant challenge to the security of TOTP codes: a code is tied only to a time window, not to the site the user is actually on, so it remains valid when relayed within that window.

To address this issue, a better solution is emerging, known as FIDO2 authentication. FIDO2 consists of two components: WebAuthn and Client to Authenticator Protocol (CTAP). FIDO2 offers various user flows and can be implemented as a second factor alongside a password or as a single factor with username discovery and optional PIN protection. This authentication method provides strong protection against phishing because the credential is bound to the legitimate site's origin, so a lookalike site cannot obtain a response the real site will accept; it also offers varying security levels to meet the needs of customers and MSPs.
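The two paragraphs above contrast relayable TOTP codes with origin-bound FIDO2 assertions. The following added example (not code from the original article or from any FIDO2 library) models the WebAuthn authentication ceremony in miniature to show where that binding comes from: the browser, not the page, records the origin it is on in `clientDataJSON`; the authenticator only signs for the rpId the credential was created for and includes a signature counter; and the relying party rejects any assertion whose origin, rpId hash, challenge or counter does not match. `example.com` and `login-example.net` are hypothetical domains. Because the Python standard library has no public-key signatures, the signature is stood in for by an HMAC under a per-credential key that both parties hold; real WebAuthn uses CBOR-encoded COSE public keys and algorithms such as ES256, and the structure checked here is otherwise the same.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

RP_ID = "example.com"                    # hypothetical relying party identifier
EXPECTED_ORIGIN = "https://example.com"  # the only origin this relying party accepts


@dataclass
class StoredCredential:
    """What the relying party keeps after registration."""
    credential_id: bytes
    key: bytes            # stand-in for the credential's public key (HMAC key, see lead-in)
    sign_count: int = 0   # last signature counter seen, for clone/replay detection


class ToyAuthenticator:
    """Credentials are scoped to the rpId they were created for, as a CTAP authenticator does."""

    def __init__(self):
        self._creds = {}   # credential_id -> (rp_id, key)
        self._counter = 0

    def make_credential(self, rp_id: str):
        cid, key = secrets.token_bytes(16), secrets.token_bytes(32)
        self._creds[cid] = (rp_id, key)
        return cid, key

    def get_assertion(self, rp_id: str, credential_id: bytes, client_data_hash: bytes):
        stored_rp, key = self._creds[credential_id]
        if stored_rp != rp_id:
            raise KeyError("no credential scoped to this rpId")
        self._counter += 1
        auth_data = (hashlib.sha256(rp_id.encode()).digest()   # rpIdHash
                     + bytes([0x01])                            # flags: user present
                     + self._counter.to_bytes(4, "big"))        # signature counter
        sig = hmac.new(key, auth_data + client_data_hash, hashlib.sha256).digest()
        return auth_data, sig


def build_client_data(challenge: str, origin: str) -> bytes:
    """The browser fills in 'origin' from the URL it is actually showing; the page cannot override it."""
    return json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin}).encode()


def verify_assertion(cred: StoredCredential, expected_challenge: str,
                     client_data: bytes, auth_data: bytes, sig: bytes) -> bool:
    """Relying-party checks in the order WebAuthn prescribes them."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge:
        return False                                   # wrong ceremony or stale/foreign challenge
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False                                   # origin binding: signed on a lookalike site
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False                                   # credential scoped to a different rpId
    if not (auth_data[32] & 0x01):
        return False                                   # user-presence flag not set
    count = int.from_bytes(auth_data[33:37], "big")
    if count <= cred.sign_count:
        return False                                   # counter did not advance: replay or clone
    expected = hmac.new(cred.key, auth_data + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False
    cred.sign_count = count
    return True


def demo_login(origin_seen_by_browser: str) -> bool:
    """Register, then authenticate with the browser reporting the given origin (constructed scenario)."""
    auth = ToyAuthenticator()
    cid, key = auth.make_credential(RP_ID)
    cred = StoredCredential(cid, key)
    challenge = secrets.token_urlsafe(32)
    client_data = build_client_data(challenge, origin_seen_by_browser)
    auth_data, sig = auth.get_assertion(RP_ID, cid, hashlib.sha256(client_data).digest())
    return verify_assertion(cred, challenge, client_data, auth_data, sig)


def demo_replay():
    """Present the same valid assertion twice; the second must fail on the counter check."""
    auth = ToyAuthenticator()
    cid, key = auth.make_credential(RP_ID)
    cred = StoredCredential(cid, key)
    challenge = secrets.token_urlsafe(32)
    client_data = build_client_data(challenge, EXPECTED_ORIGIN)
    auth_data, sig = auth.get_assertion(RP_ID, cid, hashlib.sha256(client_data).digest())
    first = verify_assertion(cred, challenge, client_data, auth_data, sig)
    second = verify_assertion(cred, challenge, client_data, auth_data, sig)
    return first, second


if __name__ == "__main__":
    print("legitimate origin accepted:", demo_login(EXPECTED_ORIGIN))
    print("lookalike origin accepted:", demo_login("https://login-example.net"))
    print("first/second use of one assertion:", demo_replay())
```

The contrast with the TOTP case is the origin line in `verify_assertion`: a relaying site receives an assertion whose `clientDataJSON` names the relaying site's own origin, and nothing it does to the bytes afterwards can change that without breaking the signature. In practice a browser on the lookalike domain would not even find a credential, since the authenticator scopes keys to the rpId derived from the real domain.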

When selecting the right solution for securing credentials, MSPs must consider the potential consequences of a cyberattack. The damages can be severe, ranging from reputational loss to financial costs associated with recovery, restoration, and legal expenses. With multifactor authentication being inexpensive, secure, and user-friendly, it is a crucial component of any comprehensive cybersecurity strategy.

For customers seeking a quick and widely adopted solution, TOTP is a viable option. However, for those willing to invest more time in testing and wanting optimal protection against phishing attacks, passwordless FIDO2 authentication and passkeys are recommended. Additionally, for customers who need two-factor authentication (2FA) and are willing to invest in hardware costs, FIDO2 hardware keys provide the ideal solution.

Despite the significant improvement in password security offered by MFA, it is not foolproof. Research indicates that 34% of employees admit to sharing passwords with their colleagues, highlighting the importance of promoting strong cyber hygiene practices and providing comprehensive training to educate clients and employees about the potential dangers of compromised credentials.

In conclusion, as remote work becomes the new norm, organizations must prioritize the security of their credentials and data. Implementing multifactor authentication, whether through TOTP or FIDO2, is a crucial step towards mitigating the risks of credential theft and protecting sensitive information from cybercriminals. By investing in robust cybersecurity measures and promoting cyber hygiene among employees, businesses can enhance their reputation, gain customer trust, and safeguard their long-term success in the digital age.
