1. National Institute of Standards and Technology (NIST). (2017). NIST Special Publication 800-63B: Digital Identity Guidelines - Authentication and Lifecycle Management.
Section 5, "Authentication Mechanisms": This section details various authentication methods. Specifically, Section 5.1.2, "Multi-Factor Authentication," states, "The security of MFA is predicated on the idea that an attacker is unlikely to be able to subvert two different authentication factors." This supports 2FA as the appropriate control for preventing the use of a single stolen factor (credentials).
2. Saltzer, J. H., & Schroeder, M. D. (1975). The Protection of Information in Computer Systems. Proceedings of the IEEE, 63(9), 1278–1308. (A foundational academic paper in computer security, often cited in university courseware).
Section I.A.3, "Psychological Acceptability": While an older source, it establishes the fundamental principles of authentication. Modern interpretations in university security courses (like MIT 6.858) build on these principles to explain that relying on a single, shareable secret (a password) is inherently weak. The solution, multi-factor authentication, directly addresses this weakness by requiring evidence from multiple categories (something you know, something you have, something you are), which is precisely what 2FA does.
3. Microsoft Corporation. (2023). How it works: Azure AD Multi-Factor Authentication. Microsoft Learn.
"Why use Azure AD Multi-Factor Authentication?" Section: The documentation states, "More than 99.9% of cybersecurity attacks are blocked by using multi-factor authentication (MFA)... If a malicious actor manages to learn a user's password, it's useless without also having possession of the trusted device." This official vendor documentation confirms that 2FA/MFA is the industry-standard control for preventing account takeovers resulting from stolen credentials.