Get a DemoCorey O'Connor, director of products at SaaS security vendor DoControl, added that access controls also are a key part of any mitigation strategy. Wrapping granular access controls around business-critical applications that include sensitive data would go a long way to preventing the data from being stolen.
"If MFA becomes compromised, there is still a lifeline through least privilege policy enforcement to minimize the access to that sensitive data," O'Connor told The Register in an email. "Potentially malicious or high-risk activity can be detected if the files are being accessed by unknown IP addresses or other parameters that present high levels of risk."
