May 22, 2022

Multi-factor authentication is still enabled too rarely in companies…

Only 22% of companies have reportedly enabled MFA on Azure Active Directory accounts. A more than worrying figure…

Identity is at the heart of Zero Trust approaches and the main battleground for cybercriminals. It is by stealing and usurping identities that attackers penetrate corporate networks, steal confidential data, and introduce ransomware and other advanced threats (APT).

However, companies are still too lax in protecting their users' identities, if the first Cyber Signals report published by Microsoft is to be believed. Surprisingly, Internet users, as individuals, seem further ahead than companies in adopting multi-factor authentication (MFA) and biometric authentication. A recent Duo Labs report found that in the USA (and the United Kingdom), 78% of Internet users had opted for two-factor authentication (mainly an identity check by SMS or email).

But according to Microsoft, only 22% of Azure AD customers have reportedly enabled MFA protection!

Yet the same Cyber Signals study shows that Azure AD's defense infrastructure detected and blocked more than 25.6 billion identity theft attempts (through brute-force attacks, exploiting stolen password databases) in 2021!

Between November 26 and December 31, 83 million attacks against corporate user accounts were countered.

The report also reveals that in 2021 Microsoft Defender for Endpoint blocked more than 9.6 billion pieces of malware targeting both employees and Internet users, and that Microsoft Defender for Office 365 blocked more than 35.7 billion phishing emails and other malicious emails!

Finally, the report lists some of the going rates in the world of cybercrime. Access to a ransomware generation kit reportedly costs 66 dollars on average, plus 30% of the profit made from ransom payments. A hacked mobile is also more expensive than a hacked PC: $2.78 versus $0.89. An account stolen through a phishing attack trades for between $100 and $1,000 on the Dark Net. Incidentally, Microsoft points out that 98% of attacks could be stopped simply by applying the hygiene rules for information systems.