Critical Infrastructure without 2FA awaits Disaster

2FA or Two Factor Authentication is a secure way to allow access. If your enterprise is not using 2FA for C-level executives that have access to mission-critical infrastructure,  a wide-scale disaster maybe just around the corner. With single step authentication, such as a simple login and password, in a single brute force attack, hackers could have access to admin level systems. In a world dominated by ever-increasing use of data systems for daily operations, leaving this vulnerability in place is no longer excusable.

The Typical Setup

There has been a lot of focus on the security of passwords, which by itself seems like a smart exercise for businesses. Ensuring employees are not using “default” or simply “password123” type passwords is a basic level of security protocol. As an administrator of critical infrastructure however, a single step of security should be an obvious security lapse, but many businesses still rely on firewalls, and anti-virus software to provide protections.

Consider the following scenario…

Cyber criminal organizations across the world are developing complex attacks to gain access to corporate network services. These attacks are developed in multiple attack vectors from email phishing attacks; brute force password attacks to DDOS botnet attacks and these organizations are getting quite adept at circumventing security systems that are not up to date. If one of your top level executives has a single step authentication process and it is compromised by a Heartbleed exposed server, they now have access to your entire network. From one simple exposure to access of your entire network, this single authentication process is simply not adequate for today’s security demands. Administrative users with this type of setup can pose a major security threat.

The 2FA

Two factor authentications is the new standard in protecting your network systems. 2FA should be used, for any manager, executive or IT employee that uses a device to login to critical infrastructure systems that have access to a wide array of networks.

A multi-factor authentication requires the user to provide two pieces of information in order to successfully login. The first piece of information is one that the user already knows, like a username and password. After this information is entered, then the login would then require a second piece of information. The second piece of information is provided by a third-party software system, generally a 4-digit pin provided by SMS text to the user. This pin would then be entered and allow login access to the network.

With this type of two step authentication, hackers or criminal organizations have no way of getting the second piece of “on-demand” information necessary for the final stage of the login. This protects the company from many types of attacks that can often gain simple access to your network.