Microsoft: 99.9 percent of hacked accounts lacked MFA

Only 11 percent of all enterprise accounts have multi-factor authentication enabled



More than 99.9 percent of Microsoft enterprise accounts that are compromised by attackers did not have multi-factor authentication (MFA) enabled. This stark, though not entirely surprising, finding comes from a presentation that Alex Weinert, Microsoft's Director of Identity Security, delivered at the RSA 2020 security conference in San Francisco in late February. Overall, only 11 percent of Microsoft enterprise accounts had MFA enabled.


According to Microsoft, an average of 0.5 percent of all accounts is breached every month; in January of this year, this was equivalent to more than 1.2 million accounts. “If you have an organization of 10,000 users, 50 of them are going to be compromised this month,” said Weinert.


The break-ins were facilitated by two factors. The first was legacy authentication: client applications that still sign in over older email protocols such as SMTP, IMAP and POP, which cannot carry an MFA challenge, so a valid password alone is enough to get in even where MFA is otherwise deployed. The second was poor password hygiene, specifically users' penchant for extremely simple passwords and for reusing the same password across multiple accounts, both corporate and private.




Around 480,000 compromised accounts, which represents some 40 percent of the total, fell victim to password spraying. Using this automated method, attackers test some of the most commonly used passwords to see if they ..
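Both of the factors described above, MFA-less legacy protocol sign-ins and password spraying, leave a recognisable footprint in identity-provider sign-in logs. The following is an added example, not code from the article or from Microsoft: it runs two simple checks over a handful of constructed sign-in records. The field names, the legacy protocol labels and the spray thresholds are assumptions chosen for illustration; map them to whatever your own identity provider actually logs.

```python
"""Flag MFA-bypassing legacy sign-ins and password-spray patterns in sign-in logs.

Added example for illustration only. The records in SAMPLE_SIGNINS are
constructed, not real log data, and the thresholds below are assumptions.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple


class SignIn(NamedTuple):
    user: str
    client: str      # client application / protocol as reported by the IdP
    result: str      # "success" or "failure"
    source_ip: str


# Assumed labels for protocols that cannot present an MFA challenge.
LEGACY_CLIENTS = {"IMAP4", "POP3", "SMTP", "Authenticated SMTP"}

# Constructed sample: one normal browser login, one legacy IMAP login,
# one user mistyping their own password three times, and one source IP
# trying a single password against six different accounts (a spray),
# with one of those attempts succeeding.
SAMPLE_SIGNINS: List[SignIn] = [
    SignIn("alice@corp.example", "Browser", "success", "203.0.113.10"),
    SignIn("bob@corp.example", "IMAP4", "success", "203.0.113.11"),
    SignIn("carol@corp.example", "Browser", "failure", "203.0.113.12"),
    SignIn("carol@corp.example", "Browser", "failure", "203.0.113.12"),
    SignIn("carol@corp.example", "Browser", "failure", "203.0.113.12"),
    SignIn("carol@corp.example", "Browser", "success", "203.0.113.12"),
    SignIn("dave@corp.example", "Authenticated SMTP", "failure", "198.51.100.7"),
    SignIn("erin@corp.example", "Authenticated SMTP", "failure", "198.51.100.7"),
    SignIn("frank@corp.example", "Authenticated SMTP", "failure", "198.51.100.7"),
    SignIn("grace@corp.example", "Authenticated SMTP", "failure", "198.51.100.7"),
    SignIn("heidi@corp.example", "Authenticated SMTP", "failure", "198.51.100.7"),
    SignIn("ivan@corp.example", "Authenticated SMTP", "success", "198.51.100.7"),
]


def legacy_auth_successes(events: List[SignIn]) -> List[SignIn]:
    """Successful sign-ins over protocols that cannot carry an MFA challenge.

    Each of these is a session that a password alone unlocked, regardless of
    whether the account has MFA registered.
    """
    return [e for e in events if e.client in LEGACY_CLIENTS and e.result == "success"]


def detect_password_spray(
    events: List[SignIn], min_users: int = 5, max_failures_per_user: int = 2
) -> Dict[str, Dict[str, List[str]]]:
    """Return {source_ip: report} for IPs that look like a password spray.

    A spray fails against many distinct accounts with only one or two tries
    each (the attacker is trying a few common passwords across the whole
    directory), which is the opposite shape from one user repeatedly
    mistyping their own password. Successes from the same IP are listed so
    the analyst can see which accounts the spray actually got into.
    """
    failures: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    successes: Dict[str, set] = defaultdict(set)
    for e in events:
        if e.result == "failure":
            failures[e.source_ip][e.user] += 1
        else:
            successes[e.source_ip].add(e.user)

    reports: Dict[str, Dict[str, List[str]]] = {}
    for ip, per_user in failures.items():
        if len(per_user) < min_users:
            continue                      # too few accounts hit to be a spray
        if max(per_user.values()) > max_failures_per_user:
            continue                      # brute force on one account, not a spray
        reports[ip] = {
            "targeted": sorted(per_user),
            "succeeded_from_same_ip": sorted(successes.get(ip, ())),
        }
    return reports


if __name__ == "__main__":
    for e in legacy_auth_successes(SAMPLE_SIGNINS):
        print(f"legacy-auth session without MFA: {e.user} via {e.client} from {e.source_ip}")
    for ip, report in detect_password_spray(SAMPLE_SIGNINS).items():
        print(f"password spray from {ip}: {len(report['targeted'])} accounts targeted, "
              f"got in as {report['succeeded_from_same_ip'] or 'nobody'}")
```

On the constructed sample this reports Bob's IMAP login and Ivan's SMTP login as MFA-less sessions, and flags 198.51.100.7 as a spray that touched five accounts and succeeded against Ivan, while Carol's three failed browser attempts are left alone. The remedy the article points at is the same in both cases: block legacy authentication at the tenant so those protocols cannot be used to sign in at all, and enforce MFA on what remains.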
