Why You Need More Than MFA to Secure Your Backups

NOVEMBER 23RD, 2022

Technology has gotten better at protecting your data, and multi-factor authentication (MFA) stands out as one cybersecurity technology that has come to the forefront in recent years. Consulting firm MarketsandMarkets projects that the MFA market will grow from $12.9 billion in 2022 to $26.7 billion by 2027, an impressive 15.6 percent CAGR.

TechTarget defines MFA as “a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction.” Anyone who spends any time online is already familiar with MFA, which most of us frequently experience as text messages to our phones—one of the “independent categories of credentials”—that require confirmation before we are given access.

Hackers Can Slip Past MFA Barriers

At Arcserve, we firmly believe in the value of MFA as one of your defenses against cybercriminals. That’s why you’ll find it featured in our products. But, as a company that’s laser-focused on data protection, backup, and disaster recovery, we also recognize that you need multiple defensive layers to keep the bad guys out.

That’s why we found this article from ZDNet of interest. The writer states upfront that MFA gives you a significant barrier against cyberattacks, but it isn’t infallible. Hackers are finding ways around it. The Microsoft 365 Defender Research Team’s post earlier this year makes that clear, noting that one large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session—and skip the authentication process even if the user had MFA enabled. The post says that the AiTM phishing campaign has tried to target more than 10,000 organizations since September 2021.

This week, Bleeping Computer published an article headlined, “MFA Fatigue attacks are putting your organization at risk.” The article explains that in these attacks, cybercriminals try to gain access to corporate networks by bombarding users with MFA push notifications until they finally accept one. That’s precisely what happened to Uber in September of this year, resulting in a breach of the company’s internal systems.
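
Detection logic for the push-bombing pattern described above, as an added example that is not part of the original article: it flags a user who rejects or ignores several MFA pushes inside a short window, and raises a second alert if an approval follows that burst. The log format, the 10-minute window, and the threshold of five are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed count of rejected/ignored pushes

# Constructed sample log: "<ISO timestamp> <user> <push outcome>"
SAMPLE_LOG = """\
2022-11-01T08:59:40 bob denied
2022-11-01T09:00:10 bob approved
2022-11-01T23:40:02 alice denied
2022-11-01T23:40:31 alice timeout
2022-11-01T23:41:05 alice denied
2022-11-01T23:41:40 alice timeout
2022-11-01T23:42:15 alice denied
2022-11-01T23:42:58 alice approved
2022-11-02T10:00:00 carol denied
2022-11-02T10:30:00 carol denied
"""

def detect_mfa_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (timestamp, user, kind) tuples."""
    recent = defaultdict(deque)   # user -> timestamps of rejected/ignored pushes
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue              # skip blank or malformed lines
        ts, user, outcome = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()           # expire pushes that fell outside the window
        if outcome in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:
                alerts.append((parts[0], user, "push_flood"))
        elif outcome == "approved":
            if len(q) >= threshold:
                # An approval right after a burst of rejections is the high-risk case.
                alerts.append((parts[0], user, "approved_after_flood"))
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(*alert)
```

An `approved_after_flood` alert is the one to act on first: it marks a session granted immediately after a run of rejected prompts, so the session and the account's credentials should be treated as suspect until the user confirms the sign-in.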

Protecting Your Data Starts With 3-2-1-1

No one wants to fall victim to these crimes, but it can get even worse, with hackers targeting backups more frequently to add leverage by preventing recovery. So, while it’s crucial to do everything you can to keep your data safe, it’s even more vital that your backups are protected.

The first step toward ensuring your organization can recover from any data loss—from ransomware attacks, natural disasters, or even accidental deletion—is implementing the 3-2-1-1 backup strategy. The strategy builds on the old 3-2-1 backup approach, which recommends keeping three copies of your data (one primary with two backups), with two copies stored locally on two different formats, such as network-attached storage, tape, or a local drive, and one copy stored offsite in the cloud or secure storage.

That last “1” in 3-2-1-1 stands for immutability, with one copy of your data always being kept in immutable storage. When you back up your data to an immutable object store, it is saved in a write-once-read-many-times format that can’t be altered or deleted. That means it can be recovered, no matter what.

Take a Multi-Layered Approach to Data Protection

MFA is an essential deterrent to cybercrime. And, as every IT pro knows, you must also implement other measures, from antivirus protections to firewalls, to keep your data safe. But as cybercriminals become increasingly sophisticated, there’s only one way to ensure you can recover your data after a disaster. Follow the 3-2-1-1 rule and add immutability to your arsenal.

Get expert help choosing the proper data protection, backup, and disaster recovery solution for your organization by talking to an Arcserve technology partner. And be sure to check out our free on-demand demos.
