MFA Assessments Unpacked Part 1: What is an MFA Assessment?
March 14, 2023 •
In our introduction to this series on MFA Assessments, we talked about how there’s been increased scrutiny of cybersecurity policies in recent years.
Answering dozens of MFA-related questions on cyber insurance applications, vendor assessments, security audits, and more, is now a regular part of many IT professionals’ jobs. Being able to answer these questions accurately and efficiently has placed a heavy weight on many IT directors, especially in small to medium-sized organizations.
To help you fill out these questionnaires and more, we’ve put together this series on unpacking MFA assessments.
In this chapter, we’re going to discuss what an MFA assessment exactly is, and why you should do one.
What is an MFA Assessment?
An MFA assessment is a comprehensive look at where MFA is and could be enabled in your network, services, and email, who uses it, and how effective that MFA is.
The MFA assessment our series will walk you through will encourage you to catalog your digital assets, find out who has access to them, and discover what protections are in place.
MFA assessments may form part of a more extensive cybersecurity audit that your company is undertaking, or it could be a regular annual or quarterly check-up that you do to ensure your cybersecurity posture is continuing to be as strong as possible.
Why should you do an MFA Assessment?
MFA is an incredible tool that can protect you from the costs and headaches that follow a cyber-attack or data breach.
IBM estimates that a cyber attack will hit 83% of companies this year and that having MFA implemented across your network can save you around $185,000 USD if you get hacked. MFA can prevent over 99.9% of account compromise attacks.
Having a complete understanding of your MFA implementation scope and any possible deficiencies is critical to prepare for potential cyber-attacks.
Conducting an MFA assessment will also help you prepare for insurance, compliance, and other applications that require you to have an in-depth understanding of your cybersecurity landscape.
When are MFA assessments a requirement?
Check out some of the places where MFA or MFA assessments have become a mandatory requirement:
- Many supply chain vendor applications now require minimum cybersecurity protocols in place, including MFA.
- Almost all cyber insurance providers require MFA attestations and the implementation of MFA to obtain a policy.
- Governments worldwide are urging businesses and organizations to adopt cybersecurity controls, and MFA is considered table stakes.
- Recent court rulings are forcing cyber insurers to conduct deeper diligence regarding the cyber posture and MFA assessments will be a vital tool going forward.
- The IRS now requires organizations that have access to federal tax information to have MFA on all remote access services.
- The FTC mandates that all companies that provide financing or loans must do a cybersecurity assessment and implement MFA for anyone accessing customer records.
Those are just a few areas where MFA or MFA assessments are now necessary. Whatever your unique reasons for wanting to do an MFA assessment, we’re here to help you get started.
Up next: Preparing for your MFA Assessment
Tune in next time to learn about the first two steps in our MFA Assessments process: Identifying Assets and Determining Access. These steps will allow you to prepare all the information you need to dig deep into your organization’s MFA implementation.