The report asserts the industry is putting too much emphasis on MFA as a defense when more attacks come via social engineering or unpatched software and Remote Desktop Protocol (RDP)-involved attacks — none of which can be prevented solely by MFA.
- “MFA is good, it significantly reduces the risk of many types of popular attacks
- Use MFA where you can, but you will not be able to use it to protect most things
- A very sizable portion of hacking either does not care about your MFA solution or can hack around it, sometimes easily so
- If you deploy or use MFA, make sure to educate yourself about what attacks can still bypass or ignore your type of MFA solution
- If MFA is used by 100% of people, hacking and malware will still be highly successful”
Source: Cyber Insurance Industry Wrongly Hedging Its Bets on MFA