Multi-Factor Authentication: Does It Help Protect Your Data?

Cybersecurity firm, SonicWall, Inc. is investigating a breach of its Secure Mobile Access (SMA) 100 series, a product that they state "simplifies end-to-end secure remote access to corporate resources."

The firm originally believed the compromise also affected a version of its NetExtender VPN, but they have since been able to eliminate that possibility.

As part of the investigation, experts are determining if the hackers used a vulnerability that has recently been discovered in the SMA 100 networking device. Also, investigators are not clear if this breach is connected to the Russian-based attacks against private and public entities around the country.

SonicWall assures its clients that the compromise does not involve SonicWall firewalls, SMA 1000 series, or SonicWave access points. Andrew Martin "SonicWall Says It Was Victim of 'Sophisticated' Hack" (Jan. 23, 2021).


Shortly after announcing the SMA 100 compromise, researchers at NCC Group, a global system security business, also identified a zero-day vulnerability in the SMA device’s firmware. They believe it is the same vulnerability the hackers exploited to gain access to SonicWall’s network systems.

SonicWall recently released a patch to the device’s firmware and advises corporations who use this device to immediately implement this upgrade. They also encourage clients to enable multiple-factor authentication (MFA) for SonicWall device accounts to enhance security.

MFA, sometimes referred to as two-factor authentication, is a password security process that requires two or more credentials to access an account. In its most common form, a user types in a name and password, then receives a pin number via text or email that he or she must also enter in order to gain access to the account.

MFA is a highly effective means of protecting credentials and can strengthen your organizations security position. So, not only does a criminal have to have your username and password, they must also have control of your devices.

According to researchers at Microsoft, MFA can block over 99.9 percent of account compromise attacks, including automated attacks on Microsoft platforms, websites, and other online services. Still, only 11 percent of organizations use MFA company-wide.

In fact, an article written by a member of the Microsoft Identity Division - Security and Protection Team states that creating a strong password is not nearly as helpful at protecting you against a data breach as is multi-factor authentication. In the event that your password is stolen in a data breach, the strength of your password does not matter (unless it is longer than 12 characters and never used before); however, MFA still acts as a protective barrier between the hackers and your account.

Finally, your opinion is important to us. Please complete the opinion survey:


So Where Is All The Malware Hidden On Your System?

Cybercriminals are using new technology and techniques to evade detection. Learn more about how malware is hidden from antivirus software. Read More

Are You Practicing Webcam Security?

Hackers can access a webcam and it could simply be on without your knowing. Read tips for staying safe around devices with cameras. Read More

Why Your Organization Needs A Security Breach Notification Plan

All states have laws requiring organizations to notify individuals whose personal data is hacked. Learn more about why. Read More