The most common way cyber-criminal hackers break into enterprise networks is by stealing or guessing usernames and passwords.
The attacks, whether the goal is stealing information, executing a ransomware attack or any other means of cybercrime represent a major risk to organisations of all kinds – but there’s one thing that information security teams can do to dramatically help protect the network and its users from cyber criminals.
“You want to be using strong authentication for anyone that accesses your environment,” Ann Johnson, corporate vice president of security, compliance & identity business development at Microsoft told ZDNet Security Update.
“We know that, 99% of hacks have some type of password element, however that password was stolen. Using strong authentication will at least give you a first line of defence against that,” she said, adding: “Use multi-factor authentication for 100% of the people that access your environment 100% of the time”.
SEE: Network security policy (TechRepublic Premium)
First, it makes it a lot more difficult for a cyber criminal to break into an account, even if they know the correct username and password. Second, if multi-factor authentication stops a login attempt not made by the user, it’s an indication of potentially suspicious activity that can serve as an alert about cyber criminals attempting to breach the network.
Microsoft has previously said that multi-factor authentication works to such an extent that it prevents 99.9% of cyberattacks from breaching accounts.
But cybersecurity isn’t something that should be passed onto end users – it’s important for organisations to have information security policies in place that will protect people from cyberattacks in the first place.
One way of doing this is by applying a least privilege, zero trust model to the network, providing people with the access they need to do their jobs and nothing more.
That prevents a cyberattack from taking control of a standard account then leveraging it to gain administrator privilege or move laterally to areas of the network that the employee doesn’t need access for their job – but that cyber criminals could exploit.
That’s something that’s proved to be a difficult issue for many organisations over the past year as they have suddenly had to adapt to employees being forced to work remotely. Many employees have found themselves in difficult circumstances, sharing networks or devices with families that could allow attackers onto their device without them even knowing.
“Employees may be sharing their device with their child who’s doing schooling and then malware could come in that way,” said Johnson.
“So having least privilege on that device and having that device not be able to do anything but the minimum for the job is incredibly important. Your end users do not need admin privilege,” she added.