print   email   Share

Multi-Factor Authentication: Does It Help Protect Your Data?

Cybersecurity firm, SonicWall, Inc. is investigating a breach of its Secure Mobile Access (SMA) 100 series, a product that they state "simplifies end-to-end secure remote access to corporate resources."

The firm originally believed the compromise also affected a version of its NetExtender VPN, but they have since been able to eliminate that possibility.

As part of the investigation, experts are determining if the hackers used a vulnerability that has recently been discovered in the SMA 100 networking device. Also, investigators are not clear if this breach is connected to the Russian-based attacks against private and public entities around the country.

SonicWall assures its clients that the compromise does not involve SonicWall firewalls, SMA 1000 series, or SonicWave access points. Andrew Martin "SonicWall Says It Was Victim of 'Sophisticated' Hack" www.bloomberg.com (Jan. 23, 2021).

Commentary

Shortly after announcing the SMA 100 compromise, researchers at NCC Group, a global system security business, also identified a zero-day vulnerability in the SMA device’s firmware. They believe it is the same vulnerability the hackers exploited to gain access to SonicWall’s network systems.

SonicWall recently released a patch to the device’s firmware and advises corporations who use this device to immediately implement this upgrade. They also encourage clients to enable multiple-factor authentication (MFA) for SonicWall device accounts to enhance security.

MFA, sometimes referred to as two-factor authentication, is a password security process that requires two or more credentials to access an account. In its most common form, a user types in a name and password, then receives a pin number via text or email that he or she must also enter in order to gain access to the account.

MFA is a highly effective means of protecting credentials and can strengthen your organizations security position. So, not only does a criminal have to have your username and password, they must also have control of your devices.

According to researchers at Microsoft, MFA can block over 99.9 percent of account compromise attacks, including automated attacks on Microsoft platforms, websites, and other online services. Still, only 11 percent of organizations use MFA company-wide.

In fact, an article written by a member of the Microsoft Identity Division - Security and Protection Team states that creating a strong password is not nearly as helpful at protecting you against a data breach as is multi-factor authentication. In the event that your password is stolen in a data breach, the strength of your password does not matter (unless it is longer than 12 characters and never used before); however, MFA still acts as a protective barrier between the hackers and your account.

Finally, your opinion is important to us. Please complete the opinion survey:

News

New Fax Number for Best Practice Help Line

The fax line for Best Practice Help Line consultation requests is now 918-712-5965.

Tax Season Is Here And So Are Taxpayer Cyber Scams

Every year hackers take advantage of the stress of filing taxes to target victims, including employers, with phishing scams. Learn more.

Multi-Factor Authentication: Does It Help Protect Your Data?

SonicWall, Inc. says hackers breached its system security software and is working on a fix. Learn about multi-factor authentication.

How Fast Can A Cybercriminal Crack Your Password?

New research on 2020's most popular passwords shows that a large majority can be hacked in less than a second. This is yet another reason why password security should be a top priority.