Enterprises worldwide are under a constant threat of cyber-attacks. According to Gemalto’s Breach Level Index (BLI), data breaches were up by more than 49% worldwide, leading to the compromise of more than one billion records last year – a 78% increase compared to 2013. Also, identity theft related breaches accounted for 54% of all data breaches, and one-third of the most severe breaches.
Identity theft is on the rise everywhere, and probably for a reason – people are an easier target than systems! By targeting senior executives and privileged users, hackers can gain access to the entire network with legitimate user credentials. Once in, they can have complete control over the system, and can virtually create, modify and delete data with full administrative rights.
But, cyber-attacks are not always due to outsiders. Much of the time, they are a consequence of an insider’s actions. These may range from a disgruntled employee who deliberately exploits his user credentials for personal gain, to a careless employee who unknowingly creates vulnerabilities that hackers can misuse. With a mobile workforce, the proliferation of cloud services, and constantly evolving end-user technologies, it is very hard for enterprises to keep up with the challenges in data security.
While many of these threats are unavoidable, enterprises can definitely use the latest technology and corporate best practices to mitigate some of the risks. In particular, they could:
- Raise awareness about security among its employees.
- Design and deploy sound IT policies to secure and monitor privileged accounts, networks, and devices.
- Introduce Multi-Factor Authentication (MFA) for strong access control. With MFA, the user provides two or more independent means of identification for authentication – something that the user has such a userID and password; something the user possesses such as a One Time Password (OTP) generated from his hardware, software or mobile token; and something the user is such as a biometric finger print. Since only the authorized people have the right combination, validating employees with MFA offers better security as compared to traditional password.
- Encrypt sensitive data where it resides such as databases, files, and virtual clouds. Securely store the encryption keys, and make sure that those people who manage the keys are not allowed to access the encrypted data. That way, even if there is a breach, damage to the organization will be minimal.
- Encrypt sensitive data in transit, to ensure minimization of risk if the data is intercepted mid-flow.
We cannot control when and how the next attack will come, but we can be better prepared to deal with it. A holistic, multi-layered approach, starting with better identity control at the edge to securing sensitive data at the core, can be a sensible way to protect enterprises from fraudulent attacks.
We’ll be talking about these issues at Mobile World Congress Shanghai from 15th to 17th July 2015; if you’re interested in discussing further, please leave a comment on the blog or find us at the show.