March 4, 2024 | Intelligence Community News

When it comes to deploying multifactor authentication (MFA) solutions for cybersecurity, an added wrinkle is that these solutions now must be phishing-resistant, to hold off the relentless onslaught from threat actors. Unfortunately, there is no single “off-the-rack” solution to this problem. Depending on your agency’s particular needs, you may need to consider combining phishing-resistant MFA with an enhanced authentication experience.

The need for phishing-resistant MFA is clear from current reporting. According to StationX, in its report, Top Phishing Statistics for 2024: Latest Figures and Trends, the company cited that some “3.4 billion emails a day are sent by cyber criminals, designed to look like they come from trusted senders. This is over a trillion phishing emails per year.” The report noted that 36% of all breaches originate through phishing – and phishing is responsible for 45% of all ransomware attacks. Bad guys don’t break in anymore. They fool you into providing them with your credentials and then they simply log in.

In this article, we’ll build our case for why federal agencies must improve access controls. Let’s start with the Federal Zero Trust Strategy, to understand how that feeds into various MFA strategies.