The Colonial Pipeline cyber attack made headlines in May 2021 because of its massive impact on the gas supply for the East Coast: the pipeline supplies 45% of the region's fuel. News of the ransomware attack and the resulting shutdown, which lasted a total of six days, instigated a run on gasoline that drove gas prices higher than they had been in years, and thousands of gas stations were left without fuel to sell.
As more news has been released in the aftermath of the attack, it has become evident that the actual attack itself was made possible due to one password being compromised for an account that did not use Multi-Factor Authentication. Just one. That was all it took.
The VPN Account Used to Conduct the Colonial Pipeline Cyber Attack Did Not Use Multi-Factor Authentication
Although there are many lessons to be learned from the attack on Colonial Pipeline, one of the biggest is the ineffectiveness of relying on a username and password alone to access vital corporate data.
According to a consultant who investigated the attack, the password used to access the compromised VPN account was discovered in a batch of leaked passwords on the dark web. This suggests that the password used on the VPN account might also have been used on another account.
Regardless of how the password was sourced, the situation was not helped by the fact that the VPN account did not use MFA.
In actuality, the compromised VPN account was no longer in use, but it was still able to provide the hackers with access to vital corporate data, and entirely shut down a major gas supplier.
Although it is unknown how the hackers were able to find the username for the account, it is clear that having a basic MFA security tool in place could have aided in keeping the hackers out. At the very least, having an extra layer of protection could have swayed the hackers' desire to go after that particular organization.
Multi-Factor Authentication (MFA) Could Have Prevented the Colonial Pipeline Cyber Attack
If we needed proof of the importance of MFA in 2021, the situation with Colonial Pipeline should answer the question once and for all. Ultimately, the less enticing your data is, the less likely someone will steal it. If an account has MFA in place, hackers might simply move on to the next target. Perhaps this is indeed what happened in the case of Colonial Pipeline. The hackers could presumably have moved on to Colonial Pipeline after realizing the account was not secured by MFA.
If all hackers need is a password (that they already have) and a username (that they can figure out), then there really isn’t much keeping them from targeting your organization.
MFA makes accounts harder to break into by requiring two things to get in. The first is something you know – a username or password. The other could be:
a. Something you have (a phone, a USB, a keycard).
b. Something you are (fingerprints, iris scan, or some other biometric indicator).
By requiring both something you know and something you have/are, enterprises can better ensure their security and fend off unwanted cyber attacks.
What are the Benefits of MFA?
Apart from the obvious benefits – not having to pay 4.4 million in ransom to hackers, for example – MFA offers several additional benefits to organizations.
Again, MFA grants a more powerful cyber security layer for businesses and organizations. Additionally, MFA has become increasingly important in the modern work world. As we’ve seen from the pandemic, it is essential that businesses have a work-from-home strategy in place. Not only is this because so many people work from home now – it’s also because we now know that there are emergency situations when work from home MUST be allowed. If 2020 taught IT anything, it’s that at a moment’s notice a natural disaster or pandemic can cause countless businesses and organizations with countless workers to switch to remote work virtually overnight.
In the case of iQor, a leading BPO company and Stratodesk customer, this need was even more extreme. With countless workers based in places like the Philippines where the lockdown was dramatically enforced, businesses were ordered to have workers out of office and working from home at a moment’s notice.
As restrictions are eased in the United States, and workers return to the office, many employees are choosing to quit rather than return. In fact, despite a booming job market, employee turnover is at an all-time high. Although there are many reasons why this is happening, one is certainly the desire of many to remain working remotely.
Employers can answer this challenge through continuing remote work practices post pandemic and beyond. By enabling remote work, and letting employees choose where they live and work from, employers can overcome the talent crunch.
By enabling MFA, enterprises can make remote work possible. Those wanting to avoid the terrible consequences of not having a secure environment can enable MFA best practices and boost security without hampering end user experience.
Stratodesk NoTouch Center 4.5 Incorporates ZeroTrust Principles and Enables MFA
As a response to changing work behaviors, and in line with Stratodesk’s innate ambition to constantly innovate, NoTouch Center 4.5 and OS 3.3 “Emerald Bay” were released. Emerald Bay seeks to take enterprises beyond post pandemic survival and enable them to thrive by up-leveling cyber security, enabling Role Based Access Controls, and more.
The introduction of MFA support to NoTouch Center makes the solution even more secure than it was. The main driver behind this is the increased security threats that can be unintentionally introduced by employees, such as malware or key logging software that might steal passwords. We are also seeing a large number of customers who are looking to deploy NoTouch Center in their own public cloud platforms like Microsoft Azure, Amazon Web Services or Google Cloud and who need extra layers of security when it comes to user authentication.
Any user wanting to log into NoTouch Center will need to confirm a six-digit passcode along with their password.
The new methods for MFA are TOTP via an authenticator app (from the likes of Google or Microsoft, but others will work as well), email, or text-based MFA via Twilio, which requires a separate Twilio subscription.
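To make the six-digit TOTP check concrete, here is an added example (not Stratodesk's code and not part of the original post) of how a server verifies an authenticator-app passcode per RFC 6238, and why a reused, leaked password alone no longer gets in. The account records, salt, password and the `login` helper are constructed for illustration; the TOTP secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP, DIGITS = 30, 6  # 30-second time step, six-digit passcode

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, as authenticator apps compute it."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify_totp(secret: bytes, code: str, now: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side for clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        t = now + drift * STEP
        if t >= 0:
            ok |= hmac.compare_digest(totp(secret, t).encode(), code.encode())
    return ok

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def login(account: dict, password: str, code, now: int) -> bool:
    """Password check first; the second factor is enforced only if enrolled."""
    stored = account["pw_hash"]
    if not hmac.compare_digest(hash_password(password, account["salt"]), stored):
        return False
    secret = account.get("totp_secret")
    if secret is None:
        return True  # password-only account: a leaked password is sufficient
    return code is not None and verify_totp(secret, code, now)

# Constructed accounts sharing one reused password (hypothetical values).
SALT = b"constructed-salt"
LEAKED = "Winter2021!"
NO_MFA = {"salt": SALT, "pw_hash": hash_password(LEAKED, SALT)}
WITH_MFA = dict(NO_MFA, totp_secret=b"12345678901234567890")

if __name__ == "__main__":
    print(login(NO_MFA, LEAKED, None, 59))        # True: password alone gets in
    print(login(WITH_MFA, LEAKED, None, 59))      # False: no passcode supplied
    print(login(WITH_MFA, LEAKED, "287082", 59))  # True: RFC 6238 vector for T=59
```

The `window` parameter trades usability for exposure: each extra step accepted lengthens the time a captured passcode stays valid.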
Learn more about how to enable MFA in Stratodesk NoTouch Center via the following “how to” blog post.