Pharmaceutical Contract Manufacturer Deploys Same-device MFA for 3K Users
Our customer is a leading global contract manufacturer and development service provider for the pharmaceutical and healthcare industries. As with all businesses, they are vulnerable to phishing, but the pharmaceutical industry especially is one that has been increasingly targeted in recent years. At worst, the impacts of a breach can include contaminated drugs, physical damage, downtime, litigation, loss of revenue running into billions of dollars and even lost to life. With such high stakes, security is paramount and driven by the need for protection as much as it is rigorous and strict industry regulation.
Having suffered a number of phishing attempts, the group required an extra layer of security, with multi-factor authentication a high priority for all its users. The deployment was required as soon as possible due to cyber insurance requirements and to mitigate the growing pressure and costs of phishing attacks.
Phishing, together with compromised credentials were the two most common and most expensive initial attack vectors globally in 2023 costing businesses multi-millions of dollars.
Multiple Device MFA Not Viable
Due to the global nature of the organization and its working practices, the selection criterion for the right MFA solution was demanding. They have a considerable workforce, but one of the most significant challenges is that most workers do not have company phones or USB keys aside from their own PCs. The vast majority of traditional MFA requires users to have a second device, such as a smartphone, a USB key or a card which was identified as undesirable. Furthermore, the customer was conscious that most MFA deployments require three things they did not have: lots of time, security professionals not already committed to other projects and the bandwidth for considerable change management.
Our customer needed a solution they could deploy to all users. Every user had to be protected. It had to function without the need for a second device and the solution had to be swiftly and easily deployed across the whole group. Same-device MFA, such as AuthN by IDEE allows users to perform multi-factor authentication simply by unlocking their existing device, so was an obvious choice. Working with IDEE GmbH, the pharmaceutical manufacturer was able to deploy a passwordless, same-device MFA solution with minimal effort.
AuthN by IDEE stores zero personally identifiable information (PII) from end users. It converts any device into an authenticator, by using a private key stored in the device security chip (all devices equipped since 2016 have this chip) and biometric or PIN. There is no software to install, or IT architecture changes required. The result is seamless UX coupled with the most robust security. It protects against all credential phishing and password-based attacks.
Having successfully rolled out the AuthN solution to all users, the group has protected its workforce, with a solution so easy to use, all that users need to do is unlock they device whenever they are asked to authenticate. Users love the friction-free, single-device solution which boasts superior UX, making adoption and acceptance easy. They have increased their cyber-resilience, reduced costs in managing passwords, and made time to focus on other IT deliverables close to their core business.