Not a one-time activity
Many organizations have implemented MFA as a one-time activity and moved on, but as highlighted above, this will not hold up to the challenges we now face in an ever-evolving world of threat actors. The same applies to any other controls put in place. Security should be an on-going and critical function within your organization.
When you implement a solution, it may be the best industry recommended practice at the time, but within six months there are likely to be new and emerging threats that you need to implement controls against. Thankfully, a lot of these solutions include threat and vulnerability management, however this is a function that needs managing.
Organizations must either assign staff to maintain the function or reach out to a trusted partner to manage the service for them. Without this component they will not benefit from the full potential of the solution they have invested in.
MFA is a great step that every organization should be taking, but it simply isn’t enough, even in the identity pillar of security. Organizations must start looking at the bigger picture and ensuring that individual solutions work together to give a single-pane of glass view into their environment.
Implementing a robust workplace security model is more important than ever, but even more important, is having a team who can drive continuous service improvement and rapidly respond to new and emerging threats.