"A Majority of Companies Hacked in 2021 Did Not Improve MFA Controls Following Attack"
According to a report recently released by HYPR and Cybersecurity Insiders, many organizations remain vulnerable to credential attacks because of inadequate Multi-Factor Authentication (MFA) and a general lack of urgency about the growing threat landscape. The study surveyed over 400 security and IT professionals, 89 percent of which said they experienced a phishing attack against their organization in 2021. Of the 400 professionals, 34 percent revealed that their organization faced a credential stuffing attack. Despite the increase in the number of breaches, most of these organizations did not take steps to improve their password-based authentication controls after experiencing an attack. In addition, 65 percent of those who have implemented a passwordless system continue to use methods based on shared secrets, such as One Time Password (OTP) or Short Message Service (SMS). This article continues to discuss key findings from the report regarding the state of passwordless security, why traditional MFA is failing, how organizations can reduce the risks of credential attacks, and why authentication is only a piece of Zero Trust.