Dan Frost

This week the National Cyber Security Centre (NCSC) warned of a growing wave of increasingly sophisticated cyber security threats, in particular ransomware attacks.

The NCSC - the UK authority on cyber security - reports a number of trends in recent ransomware attacks - where criminals block access to computers, networks or data and then demand payment before access is restored.

The report highlighted an increase in cybercriminal "services for hire" and the sharing of victim information amongst criminal groups. It also detailed growing numbers of attacks on cloud services, industrial processes and software supply chains. The impact of attacks is also increased by targeting organisations during weekends and public holidays.

Recent UK government statistics on cyber attacks make for concerning reading too.

Four in ten businesses (39%) and a quarter of charities (26%) reported having cyber security breaches or attacks in 2020/21.

The figures are higher among medium businesses (65%), large businesses (64%) and high-income charities (51%).

Among those identifying breaches or attacks, around a quarter (27% of these businesses and 23% of these charities) experience them at least weekly.

The most common by far are phishing attacks (for 83% and 79% respectively), followed by impersonation (for 27% and 23%). 

Source: Department for Digital, Culture, Media & Sport - Cyber Security Breaches Survey 2021

With the risk of cyber attacks ever-growing, it's more important than ever for your organisation to review the security of your website and other digital services. It's sobering to think what the consequences would be if your website was to become compromised. The repercussions - and potential costs - could be huge.

Adding Multi-Factor Authentication to your Drupal website

Amongst the immediate precautions that organisations should take to shore up their security is to implement Multi-Factor Authentication (MFA). Adding MFA as part of the login process on all important systems and services heavily minimises the risk of any user accounts being accessed and exploited, even if the primary login details are somehow discovered by criminals.

This simple extra authentication step is all that is needed to enable your genuine users to proceed as normal with accessing a website/service whilst heavily protecting against login attempts from imposters.

For organisations with Drupal websites, Adaptive provides an MFA solution for Drupal which utilises a leading MFA tool that can be integrated seamlessly into existing websites.

We launched the solution after finding that, although there are a handful of MFA-related Drupal modules already available, each has significant drawbacks. Either the modules are not yet fully developed, are not covered by Drupal's security advisory policy or are limited to only working with very specific services or authentication methods.

MFA for Drupal is available to Adaptive's existing clients and also to other Drupal websites too. For non-Adaptive clients, it can be implemented and supported as a standalone service, enabling you to continue working with your existing Drupal supplier on all other requests. Read more or contact us for further details.

MFA is just one of a number of cyber security services for Drupal currently being rolled out by Adaptive. See more ways to further secure your Drupal website here.