Friday, 23rd August 2019

Be cyber attack free during the festive period

It has been a tumultuous year for cybersecurity, with endless security breaches hitting the headlines. Perhaps most recently, social media giant, Facebook, saw its largest security breach ever in September, with 50 million Facebook users allegedly left exposed by a security flaw. It’s no surprise that the adoption of IT security solutions in corporate businesses is on the rise, with 1.9 billion personal and sensitive data records compromised between January 2017 and March 2018. By Adrian Jones, CEO of Swivel Secure.

Following the busy Cyber Weekend, the festive season is quickly approaching, and businesses can get carried away with the prospect of a huge influx in customers purchasing and forget to properly protect themselves online. According to Carbon Black, there was a 57.5% increase in attempted cyber attacks during the 2017 holiday shopping season.

Big retail events like the Boxing Day sales, attract millions of customers that take to the internet, credit card in hand, ready to bag a bargain. However, this poses an opportunity for online hackers to infiltrate the most heavily populated websites, gaining the bank and personal of vulnerable customers. SME’s are the most at risk, often having little in the way of IT security and suffering worse than larger corporations once a cyberattack occurs.

Other issues are faced in local government with 50% of English local authorities reliant on unsupported server software. It can be a hard pill to swallow that security breaches are inevitable, no matter how large or small the organisations are. The reality is that both need to implement the appropriate security for the marketplace they operate in and the data they retain. Organisations that fail to properly secure their data, with the minimal investment in both time and money, are left in recovery for months, sometimes years.

Protect your customers with MFA

Organisations can look to IT security software to help prepare against malicious attacks during the festive period, and ultimately, protect their customers and valuable business data.

Multi-factor Authentication (MFA), is just one of the simple and quick solutions companies can adopt to prevent a cyberattack byprotectingthe entry points into the services and data. MFA is a platform that protects applications from unauthorised access by utilising a combination of factors such as something that you are (fingerprint), something that you have (a mobile application or token), and something that you know such as a PIN or one-time code (OTC).

Many web companies such as Google, Linkedin and PayPal have two-factor authentication built in as a standard feature (once you choose to enable it) and is accepted and recognised for its effectivity in preventing security breaches. Noted authorities on cybersecurity suggest that unauthorised access could be prevented by as much as 80% if MFA had been deployed.

Successful breaches can be the result of human error due to over used and weak passwords. Rather shockingly, it was alleged that, 1,464 government officials were using “Password123” as their password in just one US state. Some MFA solutions deliver a range of authentication factors where passwords are never used and access can be authenticated via a PUSH notification to a mobile application.

Authentication software companies have the advantage of authenticating all applications using one system, whereas using application specific 2fa usually means a separate login processes for each application. The goal is to balance usability whilst retaining security. Too complex and the user won’t use it, or will try to avoid using it, too simple and you have a breach.

Whilst it’s unlikely a business will be retargeted and hit again following a breach, companies can expect to experience even more public pressure to regain and increase security. The implementation of MFA shows stakeholders that the company is taking serious steps to protect their customers and business. Sadly ‘closing the door after the horse has bolted’ is by far the most expensive option, both in terms of customer perception and shareholder value.

Throughout corporate organisations, the rule of ‘one size fits all’ doesn’t apply, especially in terms of cybersecurity and in Authentication, configuration via customisation is key to success. Both Enterprises and SME’s call for intelligent authentication solutions that are tailored to their situations.

For example, organisations can look to intelligent platforms to detect and request the adequate amount of authentication from users depending on any individual scenario. This can include a pass or fail calculated by an algorithm based on a range of variables including their location, the application they want to gain access to, timing of access and the device type they are using. Simply speaking, you tailor the authentication needs to the action taken by the user.

If you were buying a pencil online at home via your regular account, a simple username and password would suffice toget you through checkout. With MFA implemented on the webstore, if you want to purchase a high value product such as a TV, and you’re abroad, at 3am local time, on a hotel wifi network, you will need multiple factors to make it through the process and checkout successfully.

Make the authentication process reflect the value of the data or the product.

During this festive shopping period, it is important that all stakeholders are protected from customers using ecommerce, to employees and suppliers. With plenty of opportunity for individuals to breach the system, organisations should look for a multi-factor authentication platform from a specialist provider that addresses all their requirements to stay safe.

When the General Data Protection Regulation (GDPR) came into effect in May 2018, businesses from all...
How has GDPR changed the security and compliance landscape? Over the following pages, you’ll find a...
May 2019 marks the first anniversary of the General Data Protection Regulation (GDPR), and early num...
Today’s organisations realise that data is a critical enterprise asset, so protecting that data and...
Digital transformation has changed the face of business, driving disruptive change and creating spir...
When the General Data Protection Regulation (GDPR) came into effect in May 2018, businesses from all...
As organizations digitally transform, critical systems and sensitive information can be accessed by...
Mark Humphries, Managing Consultant for Civica Digital, explores the importance of data structure an...