The tools available for hackers are growing, and Multi-Factor Authentication (MFA) within the enterprise is essential in combating attacks that use internal accounts of an enterprise to steal data, according to Centrify.
The company's vice-president of product strategy, David McNeely, said a strong focus for the cyber-security company is educating people about MFA and how it can be effective in establishing a sturdy line of defence within the enterprise.
MFA combines something a user knows like a username and password, with something they physically have like a token, magnetic card or phone, with a physical characteristic of that individual including a fingerprint or voice.
McNeely said recently, the number of hackers attacking a network by masquerading as a legitimate user of a particular network has amplified.
“The attackers have figured out ways to penetrate past firewalls and antivirus tools in a way that they re-use your credentials to get from one computer to others. If you look at the tools available for hackers now, it is strong,” he added.
“With all of those tools in place, combined with social networking where names of business people and their role within a company is published, it makes it a lot easier to send very specific, personalised emails that appear to be from a chief executive of a company or someone from a board. If a hacker sends an email that looks like it is from a valid recipient, a person may open it and at that point, become infected.”
However, McNeely said that adoption of MFA within the enterprise has been slow on the uptake, but the strong momentum of Cloud, particularly within Australia, has meant that the old challenges can be alleviated.
"Implementing MFA in the enterprise has been an uphill battle as it can create a burden for IT as an organisation needs back-end structure to support it. It was more cumbersome to use.
"Cloud availability means you don't need any dedicated infrastructure or servers on your premises, but it also means it works for things that are in the Cloud, behind the firewall, on servers and in Infrastructure-as-a-Service (IaaS)," he said.
"Now however, we have been able to re-purpose the mobile phone and take advantage of the ability of post notifications of the application or server that a user may try to authenticate. A user will receive an alert notification on their mobile phone and they can simply slide it to approve or deny it as a way to provide that multi-factor.”
Centrify A/NZ country manager, Lachlan McKenzie, added that working with a customer to customise exactly how they want to play the MFA is a way to minimise the barrier to entry.
According to McKenzie, Centrify is looking for channel partners within the A/NZ region that can offer this advice to customers as well as offering additional professional services and technical knowledge surrounding the company’s products.
McKenzie added that since the company opened a local datacentre in Australia in December 2015, the company can pursue the financial sector and government agencies within the country.
“We are now able to tick that box for government agencies and the financial sector in terms of having data hosted locally. That was an objection we were facing, which isn’t the case anymore.”
Centrify Asia-Pacific senior sales director, Niall King added that Australia’s rapid adoption of Cloud services also drove the decision behind the datacentre.
“Many Australian customers are moving to take advantage of Cloud services like Office 365 and Amazon Web Services. We believe that more customers will now say yes to Centrify because data is stored in Australia.
"This is particularly important with our increased focus on winning new business in government and financial services — areas where we are very strong in the US and Europe,” he added.