
Less Than One-Third of Organizations Use MFA to Secure Their Environment



Surprising data highlights a material security gap that enables cybercrime. According to the State of Global Enterprise Authentication Survey from MFA hardware vendor Yubico, less than one-third of organizations use some form of additional authentication factor:

  • 33% use mobile/SMS pushes
  • 30% use a password manager
  • 29% use a mobile push authentication app
  • 20% use hardware keys

What’s more shocking is that 59% of employees rely on simple username and password combinations to authenticate. And according to Hive Systems, any 8-character password can be cracked in less than an hour through brute force. Further, any password containing fewer than seven characters can be cracked instantly.

All it takes is one really good social engineering phishing attack, and threat actors will have one or more sets of your employees’ credentials. And with no additional authentication factors, cybercriminals have the keys to whatever corporate kingdom the compromised employee has access to.

Whenever possible, use multifactor authentication (MFA) to provide another layer of security. The best thing a user can do to prevent password hacking (after using MFA) is to avoid being socially engineered, which takes a good, in-depth combination of policies, technical defenses, and end-user education.

Security Awareness Training can educate your users on the state of phishing and social engineering attacks and help them avoid providing threat actors with usernames and passwords. Contact Yeo & Yeo Technology to learn more.

Information in this article was provided by our partners at KnowBe4.
