Commentary

Shortly after announcing the SMA 100 compromise, researchers at NCC Group, a global system security business, also identified a zero-day vulnerability in the SMA device’s firmware. They believe it is the same vulnerability the hackers exploited to gain access to SonicWall’s network systems.

SonicWall recently released a patch to the device’s firmware and advises corporations who use this device to immediately implement this upgrade. They also encourage clients to enable multiple-factor authentication (MFA) for SonicWall device accounts to enhance security.

MFA, sometimes referred to as two-factor authentication, is a password security process that requires two or more credentials to access an account. In its most common form, a user types in a name and password, then receives a pin number via text or email that he or she must also enter in order to gain access to the account.

MFA is a highly effective means of protecting credentials and can strengthen your organizations security position. So, not only does a criminal have to have your username and password, they must also have control of your devices.

According to researchers at Microsoft, MFA can block over 99.9 percent of account compromise attacks, including automated attacks on Microsoft platforms, websites, and other online services. Still, only 11 percent of organizations use MFA company-wide.

In fact, an article written by a member of the Microsoft Identity Division - Security and Protection Team states that creating a strong password is not nearly as helpful at protecting you against a data breach as is multi-factor authentication. In the event that your password is stolen in a data breach, the strength of your password does not matter (unless it is longer than 12 characters and never used before); however, MFA still acts as a protective barrier between the hackers and your account.