Multifactor authentication (MFA) is number five in our critical ransomware defense best practices. It goes hand in hand with enforcing strong passwords. Together, they add a crucial layer of protection against the early and sometimes late stages (exfiltration path) of a ransomware attack.

 

In many ransomware investigations, users have unknowingly provided their credentials to phishing websites or fallen victim to password leaks from other services. Many types of ransomware rely on stolen or weak credentials to gain access to systems. MFA helps mitigate this risk by adding an extra layer of authentication. Even if an attacker obtains a user’s password, they would still need the other factors to authenticate successfully. MFA acts as a strong deterrent against attacks using stolen or leaked credentials.

 

MFA systems have another vital role to play. Most include session monitoring logs. These logs track user activity and manage access privileges. When ingested into an NDR or SIEM tool, these logs allow the AI in the tool to monitor for suspicious behavior such as multiple failed login attempts, unusual login locations, or access from unfamiliar devices. The SIEM or NDR tool can then trigger additional security measures in the MFA system, such as blocking access or requiring additional authentication.
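The monitoring described in the paragraph above, as an added example that is not part of the original post and not any vendor's code: a Python detector for repeated failures, unusual login locations, and unfamiliar devices. The event field names, the thresholds, and the sample events are constructed assumptions, not an MFA product's log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA events (hypothetical schema), ordered by time.
EVENTS = [
    {"ts": "2024-05-01T08:00:00", "user": "alice", "result": "success", "country": "US", "device": "lt-01"},
    {"ts": "2024-05-01T08:05:00", "user": "bob", "result": "success", "country": "GB", "device": "ph-07"},
    {"ts": "2024-05-02T02:10:00", "user": "alice", "result": "failure", "country": "RO", "device": "x-99"},
    {"ts": "2024-05-02T02:11:00", "user": "alice", "result": "failure", "country": "RO", "device": "x-99"},
    {"ts": "2024-05-02T02:12:00", "user": "alice", "result": "failure", "country": "RO", "device": "x-99"},
    {"ts": "2024-05-02T02:13:00", "user": "alice", "result": "success", "country": "RO", "device": "x-99"},
    {"ts": "2024-05-02T09:00:00", "user": "bob", "result": "success", "country": "GB", "device": "ph-07"},
    {"ts": "2024-05-02T09:30:00", "user": "bob", "result": "success", "country": "GB", "device": "lt-22"},
]

def detect(events, max_failures=3, window=timedelta(minutes=10)):
    """Return (timestamp, user, rule) alerts for a time-ordered MFA event stream."""
    failures = defaultdict(deque)  # user -> failure times inside the window
    countries = defaultdict(set)   # user -> countries seen on trusted successes
    devices = defaultdict(set)     # user -> devices seen on trusted successes
    alerts = []
    for e in events:
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if e["result"] == "failure":
            recent = failures[user]
            recent.append(ts)
            while ts - recent[0] > window:  # drop failures older than the window
                recent.popleft()
            if len(recent) == max_failures:  # alert once when the threshold is hit
                alerts.append((e["ts"], user, "repeated_failures"))
            continue
        # Successful login: compare with the user's baseline. The first
        # success per user only seeds the baseline and raises nothing.
        new_country = bool(countries[user]) and e["country"] not in countries[user]
        new_device = bool(devices[user]) and e["device"] not in devices[user]
        if new_country:
            alerts.append((e["ts"], user, "unusual_location"))
        if new_device:
            alerts.append((e["ts"], user, "unfamiliar_device"))
        # Learn only from logins that raised no alert, so a login that looks
        # anomalous cannot silently become part of the baseline.
        if not (new_country or new_device):
            countries[user].add(e["country"])
            devices[user].add(e["device"])
    return alerts
```

In a SIEM or NDR pipeline, each alert tuple would be the trigger for the follow-up action in the MFA system, such as blocking access or requiring additional authentication.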

 

In our experience, very few organizations can implement MFA for every employee or partner who needs access to critical data, and the attacker only needs to compromise a single account. MFA is vital, but like other categories we discuss in this blog series, it, in and of itself, will not prevent ransomware attacks. Still, it is another critical piece of your ransomware defense strategy.

 

Here are some best practices to consider when using multifactor authentication:

 

  1. Enable MFA: Enable multifactor authentication on all critical services such as email, banking, and social media. Most online platforms provide MFA options, such as SMS codes, authenticator apps, hardware tokens, or biometric factors like fingerprints or facial recognition.

 

  1. Use different authentication factors: Ideally, leverage multiple types of factors for authentication, such as something you know (passwords or PINs), something you have (physical tokens or smartphones), and something you are (biometric data). This approach provides a higher security level than relying on a single factor.

 

  1. Utilize a strong primary authentication method: Ensure that your primary authentication method (typically a password) is strong and unique for each account. Use a combination of upper and lowercase letters, numbers, and special characters. Avoid using easily guessable information like personal details or common passwords.

 

  1. Protect your authentication factors: Treat your authentication factors (e.g., hardware tokens, smartphones) with the same level of care as you would for your passwords. Keep physical tokens secure, enable lock screens on your devices, and use biometric features if available.

 

  1. Have backup options: Maintain backup options if your primary authentication method fails or is unavailable. For example, keep backup codes provided by the MFA solution, have alternative devices registered for authentication, or retain access to alternative email addresses for account recovery.

 

  1. Update contact information: Regularly update the contact information associated with your accounts, such as phone numbers and email addresses. This ensures you receive notifications and recovery options in case of suspicious activity or account compromise.

 

  1. Be cautious with password recovery options: When using password recovery options that rely on MFA, ensure that the recovery methods are secure and can’t be easily bypassed by an attacker.

 

Multifactor authentication significantly enhances security, but it’s not foolproof. Implementing other security measures, as defined in our earlier blogs, is essential.

 

Stay tuned for next week’s blog as we discuss best practices for Continuous Improvement to protect your organization and defeat ransomware.

 

To learn more, reach out to CyGlass:

www.cyglass.com/solutions-ransomware-defense

www.cyglass.com/resources

www.cyglass.com/contactus

 

Bill Munroe

VP of Marketing, CyGlass