Cyber Defense eMagazine December Edition for 2021

How does this relate to MFA? Well, multi-factor authentication ensures that the person sitting on the other
side of the monitor is exactly who they say they are. By implementing MFA, organizations can secure
their data so it cannot be accessed by any bad actor who has stolen logins and passwords. The
technology giants have known about it for years.
The recent research shows that the global size of the MFA market will grow from USD 11.1 billion in 2021
to USD 23.5 billion by the end of 2026. However, many companies have previously recognized the
pressing need for global MFA adoption in their organizations. Facebook, Google and Twitter were the
first to implement this technology. Another, such as CA Technologies, Vasco Data Security International,
RSA Security LLC or Symantec Corporation, anticipating in 2016, the growth of the market, just then
began large investments in research and development in this area.
My way or the highway
There is no need to convince anyone about the effectiveness of MFA as the technology giants have
already battle tested it. Google corporation has kept 85K employees from getting phished since 2017. A
recent declaration proving that MFA is the ‘must have’, comes from Mark Risher, Sr Director of Product
Management at Google. On May 6 2021, he informed the media that soon Google account holders will
be forced to use multi- factor authentication if they still want to use the company's services.
And you can't be surprised at all because, today no company network is no longer a secure castle that
cannot be accessed by outsiders. On the contrary - the growing number of applications in the cloud,
working from home and from unsecure networks means that every person who appears in our network
must be treated as an intruder. This approach is called the zero trust security model where the key to
effective data protection is making sure we know who the person sitting on the other side of the screen
is. Without this certainty, no security measures are effective.
A Google study found that simply adding a recovery phone number to an account prevents nearly 100%
of automated bots attacks, 99% of mass phishing attacks, and 66% of targeted attacks.
Too expensive, too hard
So why is MFA - considered by experts to be one of the most effective methods of protecting the user
against identity theft - yet still used on a handful of applications and not organization-wide?
The main problem with the widespread adoption of MFA in public organizations and institutions is the
complexity and costs. The implementation of multi-factor authentication throughout the entire
organization, requires a lot of capital and time. The highly heterogeneous IT environments, to which it is
difficult to match the right tools, are also a big obstacle.
One of the approaches to cybersecurity is the user access security broker approach which simply adds
MFA between the application and the user. The security broker is placed as an intermediary layer that
blends into the application, giving full control not only over the authentication phase, but over the entire
user session. Importantly, such action does not require any programming work. It frees from the vendor
Cyber Defense eMagazine – December 2021 Edition 73
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.