Why MFA alone isn’t enough: The crucial role of security awareness training

Estimated read time 5 min read



The evolving and sophisticated nature of phishing campaigns has allowed cybersecurity threats via email to penetrate organizations more effectively than ever before. Credential phishing was the threat of choice in 2023, accounting for 91% of active threat reports published. This represented a 67% increase in volume compared to 2022, which can be attributed to the increased effectiveness of cyberattacks that exploit stolen credentials, particularly in environments lacking robust Multi-Factor Authentication (MFA).

An example of this is the Change Healthcare cyberattack, where stolen credentials were used to access a server that lacked MFA. This absence was attributed to the company’s recent acquisition by UnitedHealth, which was in the process of upgrading the systems. This breach exposed the sensitive health data of millions of Americans, underscoring the critical need for basic cyber hygiene, including robust password management and MFA.

Max Gannon

Cyber Intelligence Team Manager at Cofense.

Going Beyond MFA and Unique Passwords



Source link

You May Also Like

More From Author

+ There are no comments

Add yours