Why using multi-factor authentication across the enterprise is a no-brainer

by Mark Perry, APAC Chief Technology Officer at Ping Identity

Credit: ID 137356047 © Dg Studio | Dreamstime.com

Delivering superlative and seamless customer experiences has become the overriding business imperative in 2018-19. It’s sparked a rush to embrace digital technologies, as Australian organisations of all shapes and sizes attempt to ensure they’re not left behind in what management consultancy PricewaterhouseCoopers has dubbed the ‘intelligent experience economy.’

Meanwhile, the challenge of securing customer and corporate data has never been greater, nor the stakes higher. Security breaches can ruin a brand’s reputation, erode customer trust and increase the likelihood of customer churn.

They’re also expensive – 2018 research commissioned by IBM revealed the average cost of a data breach globally was $US3.86 million, when factors including technical investigations, recovery, notifications and legal and regulatory activities are included on the tab.

Australian organisations may be hit with additional charges, in the form of fines from the Office of the Information Commissioner, if they fail to follow its breach reporting protocol and implement appropriate remediation measures. Tough new privacy laws introduced in February 2018 saw penalties for organisations which fail to comply increase to a maximum of $1.8 million.

It’s a significant sum which pales into insignificance when compared to the maximum penalties imposable under the European Union’s GDPR data privacy legislation. The new laws came into effect in May 2018 and apply to any organisation which collects or stores the personal data of an EU citizen, including those living outside the EU. Privacy breaches carry a maximum penalty of 20 million pounds or four percent of global turnover; whichever is greater.

Old prejudices die hard

Enhanced security measures can counter the risk of a breach occurring but historically they met with employee and management pushback, courtesy of the fact they were perceived  – with some justification – as onerous and frustrating.

But times are changing and the road blocks to deploying tried-and-true solutions such as multi-factor authentication (MFA) have been progressively dismantled in recent times.

Poor user experiences have been improved with the introduction of adaptive authentication, self service capabilities and phone-as-a-token authentication. Out-of-the-box APIs, SDKs and integration kits have reduced the expense and complexity associated with implementation and cloud-delivered solutions, which require minimal effort and oversight to run effectively, have seen infrastructure and administration costs plummet

Security’s impact on budget, IT resources and user productivity has been minimised to the point that it’s now feasible for organisations to deploy high level, enterprise-wide protection in the form of MFA, against the number one form of attack: compromised employee credentials.

Why bother?

There are numerous scenarios in which the use of MFA can mean the difference between disaster averted and an embarrassing, expensive and time-consuming mop-up job, after defences have been breached.

They include: the targeting of employees with sophisticated phishing attacks, using information that’s been gleaned from compromised applications or publicly-available sources; the infiltration of corporate systems, via partners whose security measures are less than rigorous; and the storage of company data on unsecured personal and corporate devices.

Implementing MFA can also protect customers from their own apathy. Despite awareness raising campaigns about the dangers of password reuse, millions of individuals continue to recycle the same easily guessable letter number combinations across multiple sites. That’s a boon for hackers as it means cracking a single password can result in entree to multiple sites and applications.

Research has shown the majority of consumers are loathe to adopt MFA, even when it’s offered as an option. Embedding MFA measures in all consumer-facing mobile applications, in the form of password resets, identity verification calls, high dollar transaction approvals and the like, would do much to prevent reluctant and overly relaxed types falling victim to their own cyber-carelessness. Over time, it may also raise general public awareness about the need to be cyber-vigilant – no bad thing in an era where digitisation continues to proceed at a rapid clip.

A head start against hackers

Hackers have been hard at it for years, devising innovative ways to breach organisations’ cyber-security defences, disrupt their operations and make free with their data. Recent research suggests they’re doing pretty well. The results of a 2018 Cyber Security Review led by the Department of Prime Minister and Cabinet showed cyber-crime was costing the Australian economy up to $1 billion in direct costs alone. Much of the threat comes from offshore criminals using ransomware and credential harvesting malware to hijack systems and access data for unlawful purposes.

Modern MFA solutions are a means whereby organisations can reduce the risk posed by these common forms of cyber-attack without impeding employees, partners and customers in their dealings with the enterprise.  They also support the drive for innovation and allow you to contextually step up your security and mitigate the costly risk of stolen credentials, while providing a frictionless user experience.

Tags Ping IdentityMulti-factor authenticationGDPR (General Data Protection Regulation)

Show Comments