The use of multi-factor authentication (MFA) could prevent as much as 80–90% of cyber-attacks, according to figures cited by the US national security cyber chief.
Anne Neuberger, who’s deputy national security advisor for cyber and emerging technologies, said the stat was itself referenced by a number of the tech CEOs who attended a meeting with President Biden last week.
MFA is one of the five key measures that Biden has mandated be rolled out across federal government by November, as part of his executive order on cybersecurity.
Alongside MFA, she urged leadership teams at US organizations to implement four steps ahead of the holiday weekend. The others were strong passwords, prompt patching of all software, a review of incident response plans, and up-to-date backups which are segregated from the corporate network.
Given that the press conference with Neuberger was held on Thursday, it’s unlikely that these steps could be actioned in time by end-of-play Friday, especially her exhortation to “update and patch all software.”
However, it served once again to remind organizations that they must play their part in protecting the country and its national security from attacks.
As well as the executive order, Neuberger is said to have penned a letter to business leaders in June, urging them to take action against the mounting threat of ransomware.
It also follows a CISA and FBI alert this week warning that major ransomware attacks like those on Colonial Pipeline, JBS and Kaseya all occurred on holiday weekends.
To that end, Neuberger repeated CISA’s advice to firms that they should engage in threat hunting to try and head-off attacks before they can cause any damage.
“Security teams should proactively hunt on a network. It’s kind of like a digital version of walking the beat. Look for any initial signs of compromise or anything unusual on a network,” she said.
Interestingly, Neuberger also noted a slowing in the frequency of major ransomware attacks in the past couple of months, but wouldn’t be drawn on why this might be.