Cybersecurity COO Disables MFA, Exposing Firm to Attacks

A COO at a cybersecurity firm ordered the disabling of multi-factor authentication (MFA) after a minor software glitch affected a few mobile devices. This decision, made without waiting for a technical workaround, left the company vulnerable to credential stuffing and phishing attacks. The IT team had previously implemented MFA to improve the firm's Microsoft Secure Score, but the COO's actions undermined this effort. The issue was traced to a third-party invoicing application that falsely claimed MFA compatibility. Despite identifying the root cause, the COO insisted on an immediate rollback of security protocols. This incident reflects a broader trend of executives bypassing security measures when faced with operational challenges. In Kenya, similar resistance to security protocols is prevalent, with over 1.2 billion cyber threats reported in early 2026. The Central Bank of Kenya has mandated robust MFA in response to rising ransomware attacks.

Key Points: • A COO disabled MFA, exposing the firm to significant security risks. • The issue originated from a faulty third-party invoicing application. • Over 1.2 billion cyber threats were reported in Kenya in early 2026.