“This year’s ‘World Password Day’ really needs to be ‘World Password and MFA (Multifactor Authentication) Day.’ As we saw in both our 2024 Annual Threat Report and our most recent Active Adversary report, attackers are zeroing in on companies’ data—and credentials to privileged systems are some of a company’s most valuable assets.
The recent attack against Change Heathcare is an unfortunate reminder that the right set of passwords—coupled with a lack of MFA—can have devastating consequences. In the case of Change Healthcare, that’s all the ransomware attackers needed to take whole systems offline and exfiltrate massive amounts of patient data.
Going forward, enabling MFA everywhere possible for companies is not just important—it’s essential.”