MFA Miss Precipitates Heavy Fines from NY C …
Members of the Data Connectors Community are well aware that the utilization of Multi-Factor Authentication (MFA) protocols, like those from a number of our Community Partners, is a good idea. At the same time, those cybersecurity leaders face a constant struggle from their user communities, who chafe at the added friction they cause.
News of the recent $3M fine imposed by the New York Department of Financial Services (NYDFS) against an insurance firm subject to the agency’s Cybersecurity Regulations (“Cyber Regulations”) should empower every CISO in the Community to substantiate the need for the added security MFA brings.
Moreover, the case is instructive as it hits an incredibly common theme – the security around Microsoft Office 365. In this case, the company was ordered to pay the fine and take other corrective actions because it did not begin to implement MFA for its email system and other “third-party applications” until more than one year after the MFA rule went into effect (on March 1, 2018).
The firm in question was the target of several phishing attacks which breached the systems and is thought to have caused the exposure of a substantial amount of sensitive, non-public, personal data belonging to its customers, including thousands of New York consumers. While the insurer did notify law enforcement, NYDFS asserted with this Consent Order that they were in violation.
Office 365, by far the most widely used email and business collaboration suite used by our Community has been the target of too many Business Email Compromise (BEC), phishing/spear-phishing and other account compromise tactics to mention. Aside from Microsoft’s own Advanced Threat Protection (ATP), numerous Community Partners (Proofpoint, Mimecast, Avanan, Agari, Ironscales, etc.) offer myriad methods and solutions to combat the phishing threat.
Moreover, Community Partners that offer MFA and more other advanced authentication tools (Auth0, Okta, SailPoint, HYPR, etc.) make adding state-of-the-art identity and access management a straightforward process. Moreover, as demonstrated in their product demonstrations within the Virtual Summit Series over the past year, they do it with minimal additional friction, and a solid user experience.
Community Members are well-served to look at the MFA, passwordless, and email security, and cloud email security supplemental solutions available to them. The links above provide details on various providers, and a visit to one of our upcoming Virtual Summits would certainly include a few live, interactive demonstrations of note in the Virtual Exhibit Booths at the Solution Showcase.
Questions on MFA or Cloud/Email Security? Submit a question for an upcoming panel to learn more.
Recent news posts
State, Local, Federal Cybersecurity Executives Confer On 2022 Threats, Attack Landscape
Your Weekly DHS/CISA Threat Assessment (September 14)
Assistant to the Special Agent in Charge at USSS-DHS Leads Keynote Presentation in Philadelphia
CISA Insights: Risk Considerations for Managed Service Provider Customers
Your Weekly DHS/CISA Threat Assessment (September 3)
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.