Implementing Multi-Factor Authentication in Response to Cybersecurity Breach

About the Firm

The firm had transitioned to the cloud because of a ransomware attack on their previous on-premises environment. In that situation, the servers had been taken hostage via the use of an old admin password. When the cloud migration project was completed, the firm was advised to implement multi-factor authentication (MFA). They opted out of the implementation until a more convenient time.

As soon as the breach was mitigated by GadellNet’s cybersecurity team and the environment had been resecured, the main point of contact met with their dedicated GadellNet account manager to talk about implementing MFA.

Challenge

The firm experienced a breach to their cloud-based email and file storage platform as a result of a targeted phishing attack. They were tipped off to the breach when the payroll

system flagged a transaction for $150,000 for three hours of work made payable to a fictional employee.  To compound the issue, this breach happened the same week that the payroll accountant and the company’s CEO were both out of the office

Solution

GadellNet’s cybersecurity team worked to implement multi-factor authentication and roll it out in a timely manner to the team. This includes enrolling employees and ensuring employee buy-in. GadellNet now monitors this firm’s environment 24/7 through our automated threat detection.

Impact Made

MFA can seem like an annoying extra step, but it could be the difference between a secure server and a major breach. Since GadellNet implemented MFA, the firm’s leadership have reported that they sleep better at night knowing that the solution stops 99.9% of breaches from email.

Attacks like this one can no longer be treated as an “if…”, they are a “when…”. Bad actors are becoming more adept at infiltrating your systems and attacks are becoming harder to identify. Without proper cybersecurity precautions, your organization could be left exposed.

Key wins include:

  • Being proactive by implementing security measures like MFA is the best deterrent for data breaches.
  • Most data breaches occur because an employee accidentally lets in a bad actor. These guys are getting good, not to mention patient, which is why it is of paramount importance to train employees on how to detect phishing scams.
  • Since email addresses are usually also a username, hackers already have access to half the information they need to breach the system.
  • Employees can be targeted based on their role within the organization.
  • Once a breach has occurred, it is likely that the bad actor will return in short succession. Remaining vigilant, even after the first attack has been stopped, is the best way to protect against further data loss.

“In the 12 months since implementing MFA, this client has had zero breaches.” – Account Manager