{"id":106034,"date":"2024-02-16T14:22:02","date_gmt":"2024-02-16T19:22:02","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=106034"},"modified":"2024-02-16T14:22:45","modified_gmt":"2024-02-16T19:22:45","slug":"mfa-admin-accounts","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/mfa-admin-accounts","title":{"rendered":"You Are the Weakest Link: Why Admin MFA Is Essential"},"content":{"rendered":"\n
Cybersecurity attacks are continuously on the rise<\/a>, which can make security feel like a losing battle. Most IT professionals feel the pressure: 56% of IT professionals working at small or medium-sized enterprises (SMEs) are more concerned about their organization\u2019s security now than they were six months ago (see JumpCloud\u2019s 2024 study<\/a>). In fact, SME IT professionals named security as their top challenge in 2024<\/a>, 2023<\/a>, and 2022<\/a>. <\/p>\n\n\n\n These concerns can prompt us to reflect on our own environments. How much can we really<\/em> protect? The variety, speed, and severity of attacks can make it feel like security falls outside of our control. <\/p>\n\n\n\n While there will always be factors that we can\u2019t control, there are quite a few things that we can<\/em>. And some of the biggest security impacts you can make come from small actions. <\/p>\n\n\n\n Fortunately, there are many areas of security that you can<\/em> control. The most important ones are the core elements of your IT infrastructure: identities, access, and devices. <\/p>\n\n\n\n Recent data shows that IT professionals are maximizing their influence on the security of these elements:<\/p>\n\n\n\n While centralized environments improve security, they also carry a greater burden of security checks, particularly for admins. In a centralized environment, admin accounts are<\/em> the keys to the kingdom. This makes them prime targets for cyberattackers. Without the right security, admin accounts are critical weak points in your defenses.<\/p>\n\n\n\n Although the IT industry is making significant strides in securing authentication and access, there are still some gaps. Recent data suggests that admins may not be sufficiently securing their own accounts. A large majority (83%)<\/a> of IT professionals said that they required MFA across all employees\u2019 <\/em>accounts. 
Yet, 83% also said that they allow access to at least some resources via password-only authentication. <\/p>\n\n\n\n One interpretation of this data is that IT admins are leaving their own accounts underprotected, focusing their security efforts (and time) on protecting the less-savvy average user instead. This may be because admins assume they know enough to create strong passwords and keep their accounts secure. However, no password on its own is as strong as a password protected by MFA<\/strong>. <\/p>\n\n\n\n Passwords have long been criticized for being insecure (case in point: check out this critique on password security from 1995<\/a>). Surprisingly, however, 68.6%<\/a> of SME IT professionals believe that password-only authentication provides adequate protection for their organization’s accounts. <\/p>\n\n\n\n But passwords present too many vulnerabilities to be secure on their own. The following are some of the most common security pitfalls of password-only authentication: <\/p>\n\n\n\n Admins may know better than to commit some of these errors. However, some password compromise vectors fall outside of their control. MFA protects against such uncertainties by layering authentication. No matter how long or complex, passwords provide <\/strong>one<\/em><\/strong> layer of authentication. MFA provides <\/strong>two.<\/em><\/strong><\/p>\n\n\n\n When we assess the impact of a security implementation, we should first assess the risk that it mitigates, and how well it mitigates that risk. Risk assessments break down into two key factors: <\/p>\n\n\n\n Let\u2019s apply this to MFA.<\/p>\n\n\n\n First, we\u2019ll examine the severity<\/em> of the potential risk that MFA mitigates: account compromise via password authentication. The consequences of a compromised account can be severe and far-reaching<\/a>. 
Breaches often spread, whether through lateral movement, re-used credentials across accounts, or an attacker gaining access to an account with widespread privileged access. A single stolen password can enable a breach that damages a company\u2019s valuation, reputation, and revenue. It can even drive a company out of business. <\/p>\n\n\n\n Second, we\u2019ll examine the likelihood<\/em> of account compromise via password authentication. Unfortunately, password compromise is fairly likely for password-only authentication. Stolen credentials are the most common entry point in a data breach<\/a>, and increasing sophistication in attack methods increases the odds of compromise. For example, a 2023 study<\/a> tested humans against AI-written phishing emails. 78% of people opened the emails and 65% disclosed personal information, including passwords. <\/p>\n\n\n\n In short, MFA protects against a risk that is both very likely<\/em> and very severe<\/em>. This makes it a critical security implementation. <\/p>\n\n\n\n According to the U.S. National Cybersecurity & Infrastructure Security Agency (CISA)<\/a>, \u201cUsers who enable MFA are significantly less likely to get hacked.\u201d Essentially, MFA adds a layer that a bad actor can only crack if they have possession of something like the user\u2019s device, email account, or biometrics. This makes password compromise significantly less likely. <\/p>\n\n\n\n In short, MFA is the best way to prevent hackers from using a compromised password. <\/strong>MFA is strongest when it requires you to provide a trifecta of secure factors:<\/p>\n\n\n\n Simply put: admins hold privileged access to most or all of an organization\u2019s accounts, making them a key target for attackers. Further, an attack on an admin\u2019s account could have more dire consequences, as it could grant attackers access to the most protected and high-value accounts and information. 
<\/p>\n\n\n\n These factors add to both the likelihood<\/em> and severity<\/em> of an attack on admin credentials. Thus, adding another layer of security to an admin\u2019s password can exponentially improve the organization\u2019s security.<\/p>\n\n\n\n In addition to having a high impact on security, implementing MFA on admin accounts can be fast, easy, and cost-effective. JumpCloud, for example, offers an admin-friendly and<\/em> user-friendly means for implementing MFA everywhere. While many platforms require different components or add-ons to enact MFA across all your resources, JumpCloud allows you to implement MFA environment-wide, all from the cloud. And because we recognize the importance of admin account security, JumpCloud defaults to requiring MFA on admin accounts.<\/p>\n\n\n\n JumpCloud MFA is easy to set up, making it a truly low-effort way to enhance your organization’s security. Learn more about how JumpCloud enables MFA for admin accounts<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" Here\u2019s why implementing MFA on admin accounts can exponentially increase your organization\u2019s security.<\/p>\n","protected":false},"author":144,"featured_media":100935,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23],"tags":[],"collection":[2780],"platform":[],"funnel_stage":[3015],"coauthors":[2532],"acf":[],"yoast_head":"\nWhat Can<\/em> You Control? <\/h2>\n\n\n\n
\n
Where Are Your Gaps?<\/h2>\n\n\n\n
The Pitfalls of the Password<\/h3>\n\n\n\n
\n
Why Layering Admin Accounts with MFA Is Critical to Security <\/h2>\n\n\n\n
\n
How Well Can MFA Mitigate the Risk?\u00a0<\/h3>\n\n\n\n
\n
Why Focus on Admins? <\/h3>\n\n\n\n
MFA: The Low Effort, High Impact Solution<\/h2>\n\n\n\n