Bench-testing reports on MFA do vary; some results show protection factors above 99.99%, meaning fewer than one in 10,000 attempts on an MFA-protected corporate account will succeed.
MFA is a concrete hurdle for attackers and, provided phishing-resistant variants such as FIDO2 (which uses public-key cryptography and is stronger than SMS-based OTPs) are implemented, an organisation can consider itself strongly protected.
Endpoint privilege management
Once an attacker has compromised the right account, they can do the kind of damage that makes headlines. They can poke around intellectual property, plant ransomware in multitier backup systems, send convincing emails from genuine corporate accounts, and much more. Assuming an organisation has effective password management and MFA in place, we are now discussing a highly unlikely occurrence, but that does not mean we should not prepare ourselves.

Password-spray attacks have been around forever. They differ from a brute-force attack in that they hit a large quantity of accounts with the most common passwords.
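The distinction drawn above between a password spray (one source, many accounts, a try or two each) and a brute-force attack (one source, one account, many tries) is exactly what a detection rule over authentication logs can key on. The following is an added example, not code from the original article; the log line format, the source addresses and user names, and the thresholds are all constructed assumptions, and the sample lines are generated in the script rather than taken from any real system.

```python
"""Classify failed-login sources as password-spray, brute-force or benign.

Added example. The log format (`<iso-ts> ip=<addr> user=<name> result=FAIL|OK`)
and the thresholds are assumptions chosen for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line format; real systems will differ.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>FAIL|OK)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "ip": m["ip"],
        "user": m["user"],
        "failed": m["result"] == "FAIL",
    }


def classify_sources(lines, window=timedelta(minutes=10),
                     spray_min_accounts=5, spray_max_per_account=2,
                     brute_min_per_account=8):
    """Map each source IP to 'password-spray', 'brute-force' or 'benign'.

    A spray is many distinct accounts with few failures each inside the
    window; a brute force is many failures against a single account.
    """
    fails = defaultdict(list)  # ip -> [(ts, user), ...] for failed logins
    for line in lines:
        ev = parse_line(line)
        if ev and ev["failed"]:
            fails[ev["ip"]].append((ev["ts"], ev["user"]))

    verdicts = {}
    for ip, events in fails.items():
        events.sort()
        verdict = "benign"
        # Slide a window starting at each failure and stop at the first match.
        for i, (start, _) in enumerate(events):
            per_user = defaultdict(int)
            for ts, user in events[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            busiest = max(per_user.values())
            if len(per_user) >= spray_min_accounts and busiest <= spray_max_per_account:
                verdict = "password-spray"
                break
            if busiest >= brute_min_per_account:
                verdict = "brute-force"
                break
        verdicts[ip] = verdict
    return verdicts


def _constructed_log():
    """Build constructed sample lines: one spray, one brute force, one benign."""
    base = datetime(2024, 5, 1, 8, 0, 0)
    lines = []
    # Spray: one source, six accounts, one attempt each (constructed addresses).
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} ip=203.0.113.9 user={user} result=FAIL")
    # Brute force: one source, one account, ten attempts.
    for i in range(10):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} ip=198.51.100.7 user=admin result=FAIL")
    # Benign: a user mistypes once, then succeeds.
    lines.append(f"{base.isoformat()} ip=192.0.2.5 user=alice result=FAIL")
    lines.append(f"{(base + timedelta(seconds=5)).isoformat()} ip=192.0.2.5 user=alice result=OK")
    return lines


SAMPLE_LOG = _constructed_log()

if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_LOG).items():
        print(ip, verdict)
```

Because a spray keeps the per-account failure count below any lockout threshold, a rule that only counts failures per user never fires; pivoting the count to the source address (or, for distributed sprays, to the set of accounts hit within the window) is what makes the pattern visible.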
If an attacker does get this far, our next objective is to limit their opportunities for lateral movement. This can be achieved by adhering to the principle of least privilege (PoLP), where every user and machine account is granted only those permissions necessary to carry out their function. PoLP also happens to be one of the pillars of zero-