Modernizing MFA: Osterman Research Reveals Key Insights for Enhancing Security Against Rising Identity Risks
Identity threats are on the rise as cybercriminals seek to steal and exploit compromised credentials. Many organizations find themselves unable to stop these attacks in real time, often only addressing them after significant damage has occurred. Osterman Research's latest report, Safeguarding Identity Security—We Need to Talk about MFA, highlights the urgent need for effective multi-factor authentication (MFA) to prevent account takeovers and reduce risks.
Strengthening MFA processes is essential for enhancing security. This report's results emphasize the importance of adopting new innovations like anomaly detection, advanced MFA devices, and dark web monitoring, as well as best practices for improving identity security.
1. Identity Threats Are On the Rise
Identity security is under attack, with 79% of organizations experiencing various types of identity breaches in the past year, such as phishing or authentication token theft (see Figure 1). This high rate of compromise is not surprising, as 94.2% of organizations fail to apply MFA consistently across all employees and applications. Additionally, 99.2% continue to rely on weaker MFA methods, such as one-time codes, which are vulnerable to bypass techniques.
These weaker MFA methods often provide a false sense of security and are easily circumvented by cybercriminals. The situation is exacerbated by the fact that 85.7% of organizations report increased interest from attackers in stealing and misusing credentials.
2. Stopping Real-Time Attacks is a Challenge
Most organizations can stop an attack once it has been detected, but not before a threat actor compromises their digital estate and puts them at risk. In fact, three out of four organizations are unable to stop an identity attack in real time. Nearly half (46%) can only detect and stop the attack after it has succeeded, while 27% catch it sometime later (see Figure 4). Although detecting an attack immediately after it succeeds is better than allowing it to persist, limiting the dwell time is crucial to minimizing data theft, corruption, and other losses.
A small segment (0.8%) lacks the confidence to stop such attacks at all, which is the most concerning scenario. These organizations urgently need to enhance their security capabilities to mitigate the risks associated with identity attacks. Only those capable of stopping attacks in real time can fully prevent the potential damage.
3. Complex IT and External Threats Strain Identity Security Efforts
There are many internal and external factors that complicate identity threat detection for organizations. Osterman reports that IT complexity is the most significant issue, with 83.3% of respondents finding it "very" or "extremely impactful." Other major internal issues include employee-related risks and the shortage of cybersecurity professionals with expertise in identity security, both tied at 73%. IT complexity also stands out, with 57.1% rating it as "extremely impactful."
Externally, a more dangerous threat landscape (78.6%) and cybercriminals focused on compromising credentials (77%) rank among the top concerns (see Figure 2). In short, organizations are grappling with internal IT complexity, external threats, and a lack of skilled professionals to safeguard identity security.
4. Strong MFA is Crucial for Both Security and Compliance
MFA is tied to multiple security and business drivers, with 90% of organizations ranking six or more reasons as highly important. The top reason is reducing the likelihood of account takeover, followed closely by meeting cyber insurance requirements and reducing network intrusions. Osterman highlights that all eight reasons for using MFA are closely ranked in importance, underscoring its critical role as a security control (see Figure 9).
Given its importance, relying on weak or outdated MFA methods is risky. Using legacy MFA methods not only exposes organizations to account takeover risks but could also invalidate cyber insurance coverage and lead to network intrusions, lawsuits, and data breaches.
5. Organizations Are Moving Toward Modern Detection Methods
Organizations are steadily moving toward modern MFA methods, with three out of five transitioning to next-generation solutions like hardware tokens and biometrics (see Figure 10). This shift is occurring gradually as organizations phase out legacy and weaker MFA approaches. While some have experimented with newer methods, there is an overall trend toward adopting stronger MFA over the past two years and in future plans.
However, 28% of organizations are still increasing their use of legacy MFA methods, which are easily bypassed by phishing tools. On the positive side, fewer rely on one-time codes via SMS (down 32%) and email (down 41%), while authenticator app use has grown by 48%. Though some plan no major changes, many are experimenting with both legacy and modern MFA to find the best fit. Continued reliance on legacy methods, however, poses a significant risk for identity protection.
Elevate Your Organization’s Identity Security
As you can see, the findings from Osterman Research underscore the urgent need for organizations to modernize their MFA strategies to combat rising identity threats effectively. With a rapid increase in organizations experiencing identity breaches over the past year and a significant reliance on outdated MFA methods, the risks are clear. To enhance security, organizations should move beyond these legacy methods and adopt more robust solutions, including anomaly detection and advanced MFA devices.
By leveraging advanced AI-driven solutions, Abnormal helps organizations detect and respond to sophisticated threats in real time, providing an additional layer of security beyond traditional MFA. The Abnormal platform can identify and mitigate anomalies and potential breaches more effectively, complementing MFA practices and reducing overall risk. Embracing a modern solution alongside stronger identity security approaches will better safeguard against attacks and ensure compliance with evolving business and regulatory requirements.
Interested in learning more about how Abnormal can protect your organization from increasing identity threats? Schedule a demo today!