IT’S NATIONAL CYBER SECURITY AWARENESS MONTH.
October is National Cyber Security Awareness Month, and during this month we will be sharing some interesting insights, trends we are seeing and risks you should know about.
We wanted to start off by talking about data breaches. Last Monday we read that “Those 68 Million Hacked Dropbox Account Details Are Free to Download.” Although that is a stunning number, Dropbox is not alone. In the past year, we have witnessed a never-ending avalanche of data being compromised, from the Clinton administration campaign to Anthem and, last but surely not least, Yahoo.
“Most companies don’t fully understand or address their security risks,” the 2014 US State of Cybercrime Survey said, which explains why, although it occurred in late 2014, Yahoo admitted only in September 2016 to its data breach, in which the sensitive information of about 500 million users was stolen. The White House, in its fact sheet, continued by saying that "62 percent of successful data breaches last year" could have been prevented with strong authentication.
While strong authentication is certainly warranted, the fact remains that it is not enough. Forty-six percent of people interviewed admitted to sharing passwords, which suggests that organizations cannot rely on individuals alone to maintain the security and integrity of their accounts. Continuous monitoring of a session is really the only way to ensure that an authorized user is the one behind a device or application.
However, the breaches raise another question. Data breaches now require a full password reset and reauthentication of all users. Given the massive undertaking and the further risk of identity theft and account takeover, having a passive, invisible way to identify the real user becomes a very compelling option. Enter behavioral biometrics. Most people associate behavioral biometrics with either keystrokes or rule-based tracking of certain activities. Today, however, the state of the art looks at 500 data points to establish a user profile, which can be recalled for account resets, for continuous authentication and to prevent further online fraud and identity theft. With National Cybersecurity Awareness Month upon us, it is imperative to think the way the fraudsters do in order to protect ourselves and our businesses.