Avoid Deloitte’s Troubles by Using Two-Factor Authentication
An email breach at industry giant Deloitte has led to one of the world’s most costly hacks for the Fortune 500 company. It could have been avoided if the company had only followed its own suggestions.
Headquartered in New York, Deloitte is one of the largest private companies in the US and reported $38.8 billion in revenue last fiscal year. It offers tax, auditing, consulting, and cybersecurity advisory services to major governments and large Fortune 500 multinationals. Interestingly, the company, which is known for its cybersecurity advice, fell prey to hackers who targeted it using a well-known, if misunderstood, attack.
Simply put, hackers gained access to Deloitte’s network by cracking the password on an admin account that did not require two-step authentication. That account gave the cybercriminals unrestricted access to all areas and privileged data. The irony here is that Deloitte offers advice on multi-factor authentication, yet had not implemented the technology on its own internal systems.
There is a silver lining here, one that highlights the importance of two-factor authentication (2FA) and how effective it can be for securing critical resources. Today’s businesses can learn from Deloitte’s (and many other organizations’) failures, and embrace 2FA to better protect their resources. However, there is quite a bit of FUD (fear, uncertainty, and doubt) surrounding 2FA, with many thinking it is difficult to implement and even harder to manage. Today, nothing could be further from the truth, thanks to cloud-based services that, when combined with best practices, make it easy to implement 2FA.
The keys to successfully implementing 2FA are making it easy to deploy, making it simple to use, and, most importantly, being able to integrate it seamlessly into mission-critical applications. However, that is only a small part of the overall 2FA security formula. Those implementing 2FA should also look at some other critical capabilities, including:
- The ability to generate single-use passwords
- Ensuring the solution is easy for end users to operate
- Providing credentials that are secure and cannot be stolen or guessed
- Incorporating a full audit trail, ensuring that administrators know the who, what, when, and where of access
- Integration with identity management systems and solutions
- The ability to manage credentials securely and remotely
By adhering to best practices and selecting products (and/or services) that ease the path to 2FA, businesses can immediately improve their security standing and avoid the type of hack that has become all too common.
Of course, there is a lesson to learn here. Deloitte did not seem to follow its own advice and fell prey to the very type of attack that it had warned about. While the reasons for failing to deploy 2FA at Deloitte may never be known, the fact remains that properly securing systems means looking at strengths and weaknesses, and evaluating how those impact operations.
For many, 2FA is a technology perceived as far too difficult to deploy. However, those same individuals have failed to pursue the due diligence needed to keep critical business applications secure, and have also failed to acknowledge how 2FA has evolved. What’s more, prices on 2FA have come down, and ease of implementation has increased, all thanks to the cloud.
Businesses looking to properly secure systems must look further into 2FA and implement it as quickly as possible; only then can they avoid falling prey to the same kind of hack that hit Deloitte.
For more information on implementing 2FA, please visit the AuthAnvil by Kaseya web site.
Frank J. Ohlhorst
Frank is an award-winning technology journalist and IT industry analyst, with extensive experience as a business consultant, editor, author, and blogger. Frank works with both technology startups and established technology ventures, helping them to build channel programs, launch products, validate product quality, create marketing materials, author case studies, eBooks and white papers.