Mannu Singh, Vice-President, Tata Teleservices
Mannu Singh heads the SME Operations for West & Central Regions at Tata Teleservices where he is responsible for strategy, business planning, and execution across these regionsto ensure both top-line and bottom-line growth, with a focus on customer satisfaction and resource optimization.
Mannu Singh heads the SME Operations for West & Central Regions at Tata Teleservices where he is responsible for strategy, business planning, and execution across these regionsto ensure both top-line and bottom-line growth, with a focus on customer satisfaction and resource optimization.
Against the backdrop of a threatscape, multifactor authentication (MFA) has emerged as one of the most effectiveand accessible defences against modern cyber risks.
India’s rapid digitalisation has fundamentally transformed how businesses operate, transact, and scale. From digital payments and cloud-based operations to remote work and API-driven ecosystems, technology now underpins enterprise growth across sectors. However, this acceleration has also expanded the attack surface for cybercriminals. Cyber incidents in India, according to an estimate,have grown by over 200% year-on-year, underscoring a critical reality: digital growth without strong security is unsustainable.
While large enterprises have steadily improved cybersecurity maturity, MSMEs remain disproportionately vulnerable. With lean IT teams, limited budgets, and growing dependence on cloud platforms and digital tools, small and mid-sized businesses have become prime targets for credential theft, phishing, and account takeover attacks. In this evolving threat landscape, multifactor authentication (MFA) has emerged as one of the most effectiveand accessibledefences against modern cyber risks.
Why Passwords Alone Are No Longer Enough
For years, usernames and passwords served as the first line of defence for digital systems. Today, they are also the weakest link. Human behaviour for password reuse, predictable patterns, delayed updates continue to be exploited at scale. Increasingly, attackers do not “break in”; they simply log in using stolen credentials acquired through phishing, malware, or data leaks.
This risk is amplified for MSMEs, where employees often access business systems from personal devices, shared networks, or remote locations. A single compromised login can expose financial systems, customer data, vendor portals, or cloud workloads. MFA addresses this vulnerability by ensuring access depends on more than just what a user knows.
MFA as a Practical Security Multiplier
At its core, MFA introduces an additional layer of identity verification by combining factors such as something the user knows (a password), something they have (a device or token), or something they are (biometrics). Even when credentials are compromised, attackers are stopped at the second checkpoint.
Consider a mid-sized manufacturing exporter that digitised its procurement and vendor payment workflows. When employee credentials were compromised during a phishing attempt, MFA prevented unauthorised access by requiring device-based verification. What could have escalated into financial loss and operational disruption was contained with minimal impact. For MSMEs, this level of prevention is not just a security measure, it is business continuity insurance.
Multiple Paths to Secure Authentication
MFA has evolved far beyond basic OTPs. Device-based authenticators now generate time-sensitive codes directly on trusted devices, significantly reducing interception risks. Push-based approvals allow users to verify access instantly, improving both security and usability. Biometric authenticationembedded in most smartphones and laptopsoffers seamless access by leveraging unique personal identifiers.
For sectors handling sensitive data, including finance, healthcare, logistics, and SaaS, hardware tokens and app-based authentication add another layer of resilience. At the same time, email-based verification continues to serve as an inclusive option for users without smartphonesparticularly relevant for MSMEs with diverse workforces and partner ecosystems.
Balancing Security with Usability
Despite its advantages, MFA adoption is not without challenges. Poorly implemented systems can lead to authentication fatigue, where excessive prompts frustrate users and encourage risky workarounds. SMS-based OTPs, while widely used, remain vulnerable to SIM swapping and phishing. Biometric systems, once considered near-invulnerable, are now facing emerging risks from AI-driven spoofing and deepfakes.
The solution is not to abandon MFA, but to deploy it intelligently. Risk-based authenticationwhere additional verification is triggered only when behaviour deviates from the normhelps balance security with productivity. Equally important is cyber awareness. Training employees to recognise suspicious login attempts and phishing indicators is critical to ensuring MFA delivers its intended value.
Why MSMEs Must Act Now
Unlike large enterprises, MSMEs often lack the resources to recover quickly from cyber incidents. A single breach can disrupt operations, damage customer trust, and invite regulatory scrutiny. As MSMEs increasingly adopt cloud platforms, digital payments, and online marketplaces, MFA is no longer a discretionary upgrade, it is a baseline requirement.
A growing logistics services provider offers a clear example. As it expanded across regions, remote access to fleet management and billing systems became essential. By implementing MFA across cloud dashboards and VPN access, the company significantly reduced unauthorised login attempts. This enabled the company to scale securely without adding operational complexity.
Prevention Will Always Cost Less Than Recovery
Cybersecurity is no longer an IT issue; it is a boardroom priority. MFA remains one of the most cost-effective controls available today, capable of blocking a majority of credential-based attacks. When integrated across email systems, cloud platforms, admin portals, and remote access tools, it materially strengthens an organisation’s security posture.
Looking ahead to 2026, MFA itself will continue to evolve by becoming more adaptive, context-aware, and frictionless. Identity-led security models will increasingly rely on continuous authentication, behavioural signalsrather than static credentials alone. For organisations navigating an increasingly digital economy, the winners will be those that treat identity as the new perimeter and MFA not as a checkbox, but as a strategic enabler of trust, resilience, and sustainable growth.
