“They’re not breaking into Fort Knox; oftentimes, the threat actors are walking through an open door,” said John Menefee (pictured), cyber product manager at Travelers. “Organizations that lack the most basic of controls are the most likely to experience a claim.”
MFA is a defensive measure that businesses should incorporate into their cyber risk mitigation because it can help block automated bots and bulk phishing attacks. It is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN.
Read next: Being proactive in a volatile cyber insurance market
“MFA is one of the most basic cybersecurity controls, but it can be enough of a hurdle to put a threat actor off,” Menefee told Insurance Business. “A lot of the claims that we see are email compromise events – when a threat actor gains access to an employee’s username and password and uses that to access their web-based email account. Something as simple as requiring MFA to gain access to that email account, even if it’s just a text message…
