A cyber insurance webinar we recently hosted revealed the top cyber security practices with the most significant impact on risk. Some of these highest-ranking practices include:
Taking the top spot on the list is Multi-Factor Authentication (MFA). According to our cyber insurance partner, over 70% of claims for cyberattacks could have been avoided had Multi-Factor Authentication been implemented.
Multi-Factor Authentication (often shortened to 2FA or MFA) adds an extra layer of security to compensate for password challenges, such as weak passwords or overly complex passwords that users have been known to write down on paper and tape to their workstations.
MFA provides an additional level (or levels) of identity authentication beyond the standard username/password validation we have used for years. MFA requires two or more of the following factors for authentication:
A major cause of cyber-breach is the ability of criminals to compromise standard user authentication through sophisticated password-cracking techniques or phishing attacks. By implementing additional layers of authentication, we can ensure the user is who they say they are and reduce the risk of a successful attack.
Regulators and stakeholders recognize the importance of MFA. Today most cyber insurance policies require MFA. In addition, meeting regulatory compliance (PCI-DSS, GDPR, PIPEDA, and so on) is often dependent in part upon MFA.
Many companies only implement MFA at initial network login. This approach simplifies implementation and reduces user impact. Following this approach assumes that once a user is authenticated, they should be fine for all network access levels if they stay connected. However, this approach ignores the value of using MFA to further secure your most critical assets and processes, a fundamental factor in cyber-insurance approval, premium cost, and compliance audits.
For example, if you have a critical application that only certain users should be able to access, then adding an MFA layer when users log into that application forces anyone who has bypassed the network login MFA (or compromised the identity after login) to pass through yet another layer of authentication before reaching this most critical resource.
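The step-up pattern described above, as an added illustration that is not code from the original post or from any IBM i vendor: a session carries a timestamp for the network-login MFA and a separate, per-application timestamp for critical applications, so a session that only passed the network-login check is challenged again before it may reach the critical application. The one-time-code check is a standard RFC 6238 TOTP implemented with the standard library; the application names, the 300-second freshness window and the seed `12345678901234567890` (the RFC 4226/6238 reference-vector seed) are all constructed for this example and are not real policy values or credentials.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed for this example: the RFC 4226/6238 reference-vector seed, not a real credential.
APP_SECRET = b"12345678901234567890"

# Hypothetical policy: critical application -> maximum age (seconds) of its own MFA verification.
# Applications not listed here are covered by the network-login MFA alone.
CRITICAL_APPS = {"PAYROLL": 300, "GL_POSTING": 300}

TIME_STEP = 30  # TOTP time step in seconds (RFC 6238 default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = (
        (digest[offset] & 0x7F) << 24
        | digest[offset + 1] << 16
        | digest[offset + 2] << 8
        | digest[offset + 3]
    ) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // TIME_STEP, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the code for the current step and +/- `window` steps to tolerate clock drift."""
    counter = unix_time // TIME_STEP
    for candidate in range(counter - window, counter + window + 1):
        # Constant-time comparison so a wrong guess does not leak how many digits matched.
        if hmac.compare_digest(hotp(secret, candidate), code):
            return True
    return False


@dataclass
class Session:
    user: str
    network_mfa_at: Optional[int] = None          # epoch seconds when network-login MFA passed
    app_mfa_at: Dict[str, int] = field(default_factory=dict)  # per-application MFA timestamps


def access_decision(session: Session, app: str, now: int) -> str:
    """Return 'deny', 'allow' or 'challenge' for a request to open `app` at time `now`."""
    if session.network_mfa_at is None:
        return "deny"                       # never authenticated at the network level
    if app not in CRITICAL_APPS:
        return "allow"                      # ordinary application: network-login MFA suffices
    verified_at = session.app_mfa_at.get(app)
    if verified_at is not None and now - verified_at <= CRITICAL_APPS[app]:
        return "allow"                      # recent application-level MFA on record
    return "challenge"                      # step-up required before the critical application


def complete_app_challenge(session: Session, app: str, code: str, now: int,
                           secret: bytes = APP_SECRET) -> bool:
    """Record an application-level MFA verification if the submitted code is valid."""
    if not verify_totp(secret, code, now):
        return False
    session.app_mfa_at[app] = now
    return True


if __name__ == "__main__":
    now = 59  # RFC 6238 reference time, so the expected code is known
    s = Session(user="jdoe", network_mfa_at=now)
    print(access_decision(s, "INVENTORY", now))             # allow: not a critical application
    print(access_decision(s, "PAYROLL", now))               # challenge: step-up needed
    print(complete_app_challenge(s, "PAYROLL", totp(APP_SECRET, now), now))  # True
    print(access_decision(s, "PAYROLL", now))               # allow
    print(access_decision(s, "PAYROLL", now + 301))         # challenge: verification expired
```

The two timestamps are deliberately independent: compromising a session after the network login gives an attacker nothing toward the critical application, and the freshness window means even a legitimately verified session is re-challenged once it goes stale.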
MFA for IBM i, a third-party solution, is available from multiple vendors. It allows you to implement MFA specifically for IBM i login and to target specific applications or processes running on the IBM i platform. It typically integrates with IBM exit point security as well as access control and elevated authority solutions. Most solutions utilize industry-standard authenticators such as RADIUS or RSA SecurID, although they also come with their own authenticators, if preferred.
As the IBM i platform typically runs your company’s mission-critical applications and houses highly sensitive data, it certainly deserves the extra layer of security that MFA can provide.
The following are two common use cases for IBM i-based MFA and their corresponding implementation best practices:
The objective of implementing a native IBM i MFA solution is to add additional layers of security to your environment beyond the standard network login MFA. A layered approach to your IT security infrastructure is not only best practice; it will also help you qualify for, and reduce the cost of, your next cyber insurance policy.
For a broader discussion and review of IBM i security, look at the following blog titled “8 IBM i Security Tips.”
Director, IBM Power Server – AIX and Security Solutions