Multi-Factor Authentication: Does It Help Protect Your Data?

Cybersecurity firm, SonicWall, Inc. is investigating a breach of its Secure Mobile Access (SMA) 100 series, a product that they state "simplifies end-to-end secure remote access to corporate resources."

The firm originally believed the compromise also affected a version of its NetExtender VPN, but they have since been able to eliminate that possibility.

As part of the investigation, experts are determining if the hackers used a vulnerability that has recently been discovered in the SMA 100 networking device. Also, investigators are not clear if this breach is connected to the Russian-based attacks against private and public entities around the country.

SonicWall assures its clients that the compromise does not involve SonicWall firewalls, SMA 1000 series, or SonicWave access points. Andrew Martin "SonicWall Says It Was Victim of 'Sophisticated' Hack" (Jan. 23, 2021).


Shortly after announcing the SMA 100 compromise, researchers at NCC Group, a global system security business, also identified a zero-day vulnerability in the SMA device’s firmware. They believe it is the same vulnerability the hackers exploited to gain access to SonicWall’s network systems.

SonicWall recently released a patch to the device’s firmware and advises corporations who use this device to immediately implement this upgrade. They also encourage clients to enable multiple-factor authentication (MFA) for SonicWall device accounts to enhance security.

MFA, sometimes referred to as two-factor authentication, is a password security process that requires two or more credentials to access an account. In its most common form, a user types in a name and password, then receives a pin number via text or email that he or she must also enter in order to gain access to the account.

MFA is a highly effective means of protecting credentials and can strengthen your organizations security position. So, not only does a criminal have to have your username and password, they must also have control of your devices.

According to researchers at Microsoft, MFA can block over 99.9 percent of account compromise attacks, including automated attacks on Microsoft platforms, websites, and other online services. Still, only 11 percent of organizations use MFA company-wide.

In fact, an article written by a member of the Microsoft Identity Division - Security and Protection Team states that creating a strong password is not nearly as helpful at protecting you against a data breach as is multi-factor authentication. In the event that your password is stolen in a data breach, the strength of your password does not matter (unless it is longer than 12 characters and never used before); however, MFA still acts as a protective barrier between the hackers and your account.

Finally, your opinion is important to us. Please complete the opinion survey:


Credential Stuffing Attacks: What Types Of Organizations Are The Most Vulnerable?

A British institution falls victim to a credential stuffing system attack, shutting down its mobile access. Read about this cyber threat and how to protect your system. Read More

Microsoft Exchange Hack: Update Needed ASAP

Patches often fix vulnerabilities that cybercriminals are exploiting. Read why automatic updates are important, especially after the Exchange hack by a foreign agent. Read More

Malware Rarely Announces Itself But Waits In The Shadows

A newly identified malware on Mac computers that seems active, has yet to execute a payload. Security experts are baffled. Understanding current threats is a key defense. Read More