{"id":93268,"date":"2021-04-05T09:00:03","date_gmt":"2021-04-05T16:00:03","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=93268"},"modified":"2023-05-15T23:08:06","modified_gmt":"2023-05-16T06:08:06","slug":"protect-your-business-from-email-phishing-with-multi-factor-authentication","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/04\/05\/protect-your-business-from-email-phishing-with-multi-factor-authentication\/","title":{"rendered":"Protect your business from email phishing with multi-factor authentication"},"content":{"rendered":"

Cybersecurity has been in the news far more often in the past 12 months than in previous years, as cybercriminals escalated their activity during the COVID-19 pandemic quarantine. The seismic shift of hundreds of millions of people connecting and working from home every day presented cybercriminals with greater opportunities to attack and new threat vectors to exploit, as was detailed in the Microsoft 2020 Digital Defense Report<\/a>.<\/p>\n

Cybercrime is a large and flourishing enterprise, unfortunately. Like in any business, innovation fuels success and profit.<\/p>\n

Business email compromise is on the rise<\/h2>\n

Even the oldest tricks of cybercriminals are constantly evolving in techniques to bring more revenue from nefarious customers. Email phishing\u2014when individuals or organizations receive a fraudulent email encouraging them to click on a link, giving the cybercriminal access to a device or personal information\u2014has become a dominant vector to attack enterprise digital estates. Known as business email compromise (BEC), cybercriminals have responded to technical advancements in detection by developing fast-moving phishing scams that can victimize even the savviest professionals.<\/p>\n

BEC criminals know that email is today\u2019s de facto method of communication. People have been encouraged to \u201cgo paperless\u201d by companies, and most feel confident they can spot a spam email. But they also inherently trust those they work with and are more likely to respond to requests from their company\u2019s executives, as well as their trusted suppliers and business partners. A real but compromised account anywhere in the communication stream can lead to disastrous results.<\/p>\n

Cybercriminals bank, quite literally, on these human, socially reinforced patterns. And it\u2019s not surprising that cybercriminals succeed with schemes that appear, at least in retrospect, unbelievably primitive and transparent. In fact, one quite well-known BEC scam that used keylogger malware to fine-tune email access\u2014and operated without detection for six months in 2015\u2014redirected invoice payments totaling $75 million to cybercriminal bank accounts. In hindsight, one might expect that someone would notice, given the vast amount of money involved. But no one did.<\/p>\n

As severe as the consequences of BEC can be, they are unfortunately also quite frequent. Since 2009, 17 percent of the cyber incidents reported to Chubb have stemmed from social engineering. And the risk is only increasing\u2014the scale and threat of email phishing attacks are growing.<\/p>\n

Take action: Reduce email phishing attacks with MFA<\/h2>\n

Enabling multi-factor authentication (MFA) can be one of the quickest and most impactful ways to protect user identities, and an effective means to reduce the threat and potential impact of BEC. MFA has been available for all Microsoft Office 365 users since 2014, yet many small- to mid-sized business system administrators have not enabled it for their users.<\/p>\n

In a joint white paper co-written by Microsoft and Chubb, the world\u2019s largest publicly traded insurance provider, we explain how multi-factor authentication foils fraud, and how implementing MFA may be much easier and painless for your users than you may think. It\u2019s a simple yet effective means to reduce the threat and potential impact of BEC.<\/p>\n

The paper is available for download on Chubb\u2019s website<\/a>.<\/p>\n

Embrace Zero Trust to protect your complex digital estate<\/h2>\n

Beyond the benefits of multi-factor authentication, the move toward Zero Trust security<\/a> can enable and secure your remote workforce, increase the speed of threat detection and remediation, mitigate the impact of potential breaches, and make it harder for cybercriminals to make money.<\/p>\n

The business of cybercrime will continue to grow. However, by increasing the complexity and cost of perpetrating that crime, businesses can disincentivize the criminals to the point where they move on toward easier targets.<\/p>\n

Learn more<\/h2>\n

To learn more about email phishing and how to protect your organization, read these blogs:<\/p>\n