Despite a cyberthreat landscape that continues to evolve and become even more dangerous, just 22% of Microsoft Azure Active Directory customers have implemented strong identify authentication protection, Microsoft says in a new report.
In the company’s Cyber Signals report, a new quarterly cyber threat intelligence brief marketed to IT and security leaders, Microsoft says less than a quarter of customers are using multifactor authentication (MFA) or passwordless solutions, even as the company responds to billions of cyberattacks against its customers.
According to the company, Defender for Endpoint blocked more than 9.6 billion malware threats targeting enterprise and consumer devices in 2021, Defender for Office 365 blocked more than 35.7 billion phishing and malicious email attacks, and Azure Active Directory blocked more than 25.6 billion brute force attacks.
Microsoft’s reports reaffirms the importance of MFA and other credential security tools, especially as nation state actors continue to rely on theft of credentials and poor password security to conduct attacks.
If adoption of MFA and passwordless tools remains low, nation-state actors will keep conducting spear-phishing and password spray attacks, Microsoft’s report says.
The need to enforce MFA adoption or go passwordless cannot be overstated— the simplicity and low cost of identity-focused attacks make them convenient and effective for actors. While MFA is not the only identity and access management tool organizations should use, it can provide a powerful deterrent to attacks, the report says.
Practicing basic cybersecurity hygiene such as antimalware, applying least privilege access, enabling MFA, updating software and protecting data will help protect against 98% of attacks, Microsoft says in the report.
The company has previously said that enabling multifactor authentication will help block nearly all (99.9%) of cyberattacks.
In a blog, Vasu Jakkal, corporate vice president of security, compliance and identity at Microsoft, writes that identify has become the battleground for security.
“MFA and passwordless solutions can go a long way in preventing a variety of threats and we’re committed to educating customers on solutions such as these to better protect themselves,” Jakkal says.