MFA Statistics and Trends Every Business Leader Should Know

by Marty Aquino

Multifactor authentication (MFA) exists to protect you by balancing security and convenience. The concept of MFA can be traced back to the pre-internet days, to the first ATM, installed by Barclays Bank in north London in 1967. The machine used paper checks imprinted with carbon-14, a radioactive substance. The machine read the imprinting and matched it to a corresponding personal identification number (PIN). John Shepherd-Barron, the inventor, wanted a way to get his “own money, anywhere in the world…”

Modern-day MFA works similarly, albeit with a bit more digital sophistication in an attempt to stay one step ahead of cybercriminals and bad actors. Cyberattacks are growing in scope, sophistication and costs, both directly and indirectly. According to McKinsey & Company:

  • Spending on cybersecurity providers is projected to reach $101.5 billion by 2025.
  • Direct cyber insurance premiums are expected to rise 21% compounded annually through 2025.
  • At least eight out of 10 small and midsize businesses plan on increasing cybersecurity spending through 2023.
  • The cost of cybersecurity-related crimes is expected to increase by 15% annually.
  • The total cost could reach $10.5 trillion annually in 2025.

Sensitive information, bank credentials, medical data, intellectual property, government documents and other confidential material are increasingly held on state-of-the-art digital systems, where they are often inadvertently at risk. Surprisingly, some of the weakest links in many sophisticated cybersecurity systems are the hardest to overcome because they are behavioral and habitual.

Enter MFA and privileged access management (PAM), which use a mix of tools and tech to protect and monitor critical data. MFA and PAM work together as a multi-layered defense. MFA helps authorized users get into your network, and PAM then enforces predefined parameters customized to the user. As more and more of your organizational or personal life is held online, the need for strong, reliable and executable MFA and PAM is real.

1. Standalone Passwords Are Invitations for Trouble

In April 2021, the U.S. Colonial Pipeline was the target of hackers via a VPN lacking multifactor authentication. According to Mandiant, the company that worked with Colonial Pipeline after the cyberattack, an employee’s VPN login was thought to be inactive. Additionally, the employee in question may have used the same password for a different website that was previously compromised. According to Forbes, “The head of Colonial Pipeline told Congress that cybercriminals were able to launch a ransomware attack on his company — effectively shutting down half of the country’s fuel supply chain — by stealing one password.”

Having only a few passwords is appealing (and terrible cyber hygiene), but it can be anxiety-inducing. According to Norton:

  • 63% of consumers are “very worried” their identity will be stolen.
  • 58% of adults are increasingly anxious about being a cybercrime victim.
  • 83% of consumers want more privacy protections — but 47% don’t know where or how to begin.
  • 91% of people know reusing passwords increases the risk of being a cybercrime target — but 66% reuse them anyway.

The vast majority of security breaches involve people. According to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involve humans, including social attacks, errors and negligence.

Microsoft reported that it uncovered a large-scale phishing campaign in early 2022. However, the attackers were largely successful against the accounts not already using MFA.

3. Hackers Are Deploying Tech Advancements and Teams

Hackers aren’t just lone wolves anymore. Many are sophisticated. Some have institutional hierarchies and blockbuster-sized research and development budgets. Some can use artificial intelligence (AI) and machine learning (ML) to speed and scale up their attacks from weeks to days or hours.

According to Check Point Research, Emotet is the most widely used malware, with a global impact of 7%. Emotet (previously only a banking Trojan) is now used as a distributor for other malware campaigns. It spreads through phishing as well as spam emails, and it uses AI and ML to avoid detection and maintain a constant stream of attacks.

4. The MFA Market Size Is Growing by Leaps and Bounds

The MFA statistics don’t pull any punches. The adoption of MFA solutions is speeding up. Threats of financial, productivity and reputational losses are driving companies to spend more and more on it. The MFA market size is expected to grow from $12.9 billion (2022) to $26.7 billion (2027). That’s a compound annual growth rate of 15.6%.

5. Appeal for On-Demand Access Is Increasing Geometrically

Post-pandemic hybrid remote work depends on vast quantities of data, delivered at speed. Interestingly, this massive amount of data flowing back and forth between servers and points of origin exponentially increases the probability of a data breach. According to Fortune Business Insights:

  • In 2020, the global web hosting services market was $75 billion.
  • In 2021, the global web hosting services market was $83 billion.
  • By 2028, the global web hosting services market is projected to grow to $267.1 billion.

In the same report, Fortune Business Insights points out that “cloud services are more vulnerable to cyber-attacks,” citing Pro-service, a web hosting company. Hackers attacked the company’s network and defaced 15,000 client websites. Among the clients were banks, government agencies and TV stations. According to Norton:

  • $1.85 million was the average cost of a ransomware attack in 2020 — up from $761,106 in 2019.
  • By 2021, global cybercrime damages will amount to $6 trillion per year or $190,000 per second.
  • Only 65% of the encrypted data is actually restored after ransoms are paid.

Securing Your Organization

According to Microsoft, MFA foiled the large-scale phishing campaign for most targets. “For organizations that did not have MFA enabled, however, the attack progressed.” Cyberattacks can be extremely costly to your bottom line and corrosive to your reputation once the hack is in play.

These MFA statistics have a common theme: Much of the potential carnage can be prevented with a robust MFA and PAM solution set. A custom-built MFA and PAM solution set will yield the best results for your organization, as opposed to a one-size-fits-all approach. It’s much, much easier and less painful to be proactive now and add those additional layers of security while cleaning up your organization’s digital hygiene. Don’t take on the gargantuan task of cybersecurity alone. Consider working with proven partners who specialize in MFA and PAM, like The Migus Group. Schedule your assessment to fortify your company against its unique cybersecurity challenges.


Marty Aquino has been a passionate writer on venture capital, technology, forecasting, risk mitigation, wealth and entrepreneurial topics since 2009. He is the founder of Carbonwolf Energy, a venture-capital firm specializing in world-changing and status-quo-defying technologies and people.