Corey O’Connor, Director of Products at DoControl, points out that this is also an opportunity to review access controls as MFA configuration is being addressed: “Access controls are a critical mitigation strategy that should not be overlooked. The detection and prevention of data exfiltration would be reduced through granular access controls wrapped around business critical applications that contain sensitive data and files. If MFA becomes compromised, there is still a lifeline through least privilege policy enforcement to minimize the access to that sensitive data. Potentially malicious or high-risk activity can be detected if the files are being accessed by unknown IP addresses, or other parameters that present high levels of risk.”
