Multi-Factor Authentication vs Ransomware: Why Your Password isn’t Enough

By Kamal Brar, Vice President, Asia Pacific and Japan, Rubrik.

A global spike in ransomware threats occurred as organisations ramped up digitalisation efforts during the pandemic. Given the risks these attacks pose, educating employees on password hygiene is simply not enough anymore. To fortify cyber security efforts against ransomware attacks, organisations need to rethink their approach to cyber protection and must back well-managed passwords with multi-factor authentication (MFA) to protect data and applications, which have become a high-value target for attackers.

Prevention is better than the cure. So, the best way to protect one’s data from such attacks is to take proactive steps in strengthening cyber defence. Implementing MFA wherever possible, especially in the backup environment, is an effective security method that can significantly reduce the risks of falling victim to ransomware attacks.

Ransomware has become a significant threat in the ASEAN region. Interpol’s ASEAN Cyberthreat Assessment reported that there were about 2.7 million ransomware detections in the region in the first three quarters of 2020 alone. Meanwhile, in Singapore, the Cyber Security Agency (CSA) revealed that ransomware cases rose sharply in 2020, with a total of 89 reported cases hailing from the manufacturing, retail and healthcare sectors. This was a significant rise of 159% from the previous year. As ransomware evolves, it no longer just denies access to data and systems; it may now also involve data breaches, as attackers are highly likely to sell or leak data when their ransom demands are not met.

Multi-factor authentication, as the name suggests, grants access to users only after they present a combination of factors that validate their identity. The method may request two or more proofs of identity, including their credentials, a Time-based One-Time Password (TOTP), a biometric, or a key card. This additional authentication mechanism mitigates cyber attacks by reducing unauthorised access, since the attacker would need to pass the required combination of factors during authentication.

Attackers can easily use stolen user credentials to gain access to systems that lack MFA. In such cases, cybercriminals directly target traditional backup systems to put organisations in a more vulnerable position, as this removes the victims' ability to recover their applications or data. This tactic increases the likelihood of a ransom being paid.

Employing a Zero Trust Security Approach

Data backup is often the last line of defense against ransomware. With the prevalence of compromised credentials through phishing attacks and social engineering, a username and password alone do not offer sufficient security and protection for backups, an element vital enough to help an organisation recover from malicious attacks.

This is why Zero Trust Data Management and data security strategies are crucial in protecting the backup environment. One of the features that emerged from this approach is native MFA via a TOTP, which protects the backup environment when an account is compromised.

Attackers are constantly looking for potential attack vectors inside a target system, often scanning and probing for pathways they could use to enter. As such, it is important that both the graphical user interface (GUI) and the administrative command line interface (CLI) enforce MFA. TOTP is a widely accepted and broadly integrated MFA algorithm, based on RFC 6238 from the Internet Engineering Task Force (IETF), and is often adopted for security features such as a shortened passcode expiration that typically ranges from 30 to 90 seconds. Implementing this ensures that only authorised personnel will have access to company data and that they will only get to access the data they need.

Without a robust solution in place, a compromised credential could easily escalate to where IT teams can no longer recover applications or data, forcing the organisation to pay the ransom. And even so, there will still be the possibility that the attackers will not return the ransomed data in full. With a Zero Trust Data Management architecture, MFA provides customers with simple deployment and a strong defence against compromised accounts.

Targeted ransomware attacks on organisations will likely continue, which applies pressure on IT teams to assemble, enhance, or modernise their cyber incident response plans. With the continuous rise of cyber attacks, enabling MFA in the IT environment, including backups, is a critical step to help mitigate the threat of ransomware.

Relying only on username-password authentication can bring about a lot of issues. A user may forget their password or username, which may take time to recover; they may accidentally share them with someone else; or the credentials may be compromised and stolen by an outside attacker. MFA methods, like a TOTP, a biometric, or a key card can easily prevent any of these from happening. It’s time to back simple username-password verification with tighter backup security.