Any cyber security professional will tell you that your infrastructure is only as secure as your weakest link. Today we live in an era where many workers are given extensive remote access to critical systems, whether it’s cloud application access, virtual private networks (VPNs), or even common office apps like email. No matter where you are in the world, it’s likely you can access these networks and do your job from a remote location.
This is even more prevalent now in the midst of the global COVID-19 pandemic, where employees from almost every company that can are working from home. And that is where the trouble begins for many cyber security teams. According to a recent survey, 95 percent of security professionals face growing IT challenges as more people work from home. The greatest concerns: provisioning secure remote access (56 percent) and deploying scalable remote access tools (55 percent).
And the challenge goes even deeper than just building good remote access networks. It also comes down to the usage habits of end-users. Cybercriminals are quite adept at stealing login credentials from unsuspecting users, usually through social engineering phishing attacks. Proving a user’s identity beyond the shadow of a doubt is the cyber security imperative.
The Critical Role of Multi-factor Authentication
Multi-factor authentication (MFA) is the practice of requiring at least one additional form of user authentication—besides a password—when accessing a remote network. The most common form of MFA is the one-time password. These unique passwords used to be provided to users in the form of a safe “token” (like a key fob) but now are more frequently delivered via SMS messaging, email, or from an authentication mobile app (such as Google Authenticator).
When logging in to a system remotely, the user first enters the regular password and is then prompted to enter the one-time password or passcode. The second factor ensures that even if a user’s login credentials are stolen or hacked, access to the network can remain secure. This keeps bad actors out of the network where they can compromise financial or other proprietary data, or initiate other network attacks.
The global multi-factor authentication market is experiencing strong growth, with a CAGR of 14 percent expected from 2020-2025, according to BusinessWire, which also recently outlined various use cases for authentication in different industries. For example, the banking and financial services industry is increasingly using it for core banking, trade finance, international payment, and online banking. MFA is also common in other industries like healthcare, retail, and segments that need to secure the Internet of Things (IoT) devices.
Key Drivers of Multi-factor Authentication
Smart IT executives will undoubtedly increase the deployment of multi-factor authentication solutions in 2020. A survey conducted by Pulse Q&A for Microsoft in October 2019 highlighted a range of important findings and statistics:
- 80 percent of hacking data breaches come from weak or compromised passwords, according to Verizon’s 2019 Data Breach Investigations Report
- 59 percent of respondents plan to implement MFA in three to six months, and 26 percent will do it in 12 months
- Hackers and cybercriminals who compromise identities and access networks avoid detection for an average of 100 days. That’s a tremendous amount of time for a bad actor to penetrate additional critical systems
Biometrics and Other Exciting MFA Methods
More advanced authentication methods such as biometrics have been on companies’ wish lists for many years, and biometric solutions are now finally coming of age. The market for mobile biometrics is expected to grow at a 31 percent CAGR between 2018 and 2023, adding more than $28 billion a year in incremental growth, according to Biometric Update. Widespread adoption spans a range of new technologies, including mobile biometrics, 3D sensors, and healthcare biometrics. Gartner listed “passwordless” authentication as it’s #4 trend in the Top Security and Risk Trends for 2020, driven by strong demand and availability of biometrics and strong hardware authentication solutions.
3D sensors are a fascinating example of advanced technology at work. As Biometric Update shares, 3D sensor types include “image, position, acoustic, accelerometer, and temperature sensors, and major end uses are consumer electronics, healthcare, aerospace and defense, automotive, industrial robotics, security and surveillance, and media and entertainment.”
Companies are also adopting what’s known as behavioral biometrics, which tracks a user’s keystroke patterns, typing style, touchscreen gestures, mouse speed, and other factors. Any anomalous behavior is flagged and so that security administrators can revoke remote access privileges.
Keeping Pace with the Cyber Security Trends
Multi-factor authentication has been around for years, but new technologies are making life much easier for end-users and for the cyber security teams that are protecting them. Cyber security professionals can advance their knowledge of MFA and other authentication methods through skills certification training, such as CISSP Certification Training, CompTIA Certification Training, and the Cyber security Expert Master's Program, they are all great ways to keep pace with the latest in cyber security best practices.