Cybercrime and data breaches of personal information are an active threat every second. The struggle to maintain security parameters on sensitive material is a challenge that every industry is facing. The proliferation of new devices and the accessibility of networks make online environments a playground for hacktivists.
The average cost of cybercrime in the UK has increased 42 per cent since 2012, according to the Ponemon Institute. The study found that a sample of 36 large UK organisations in various industry sectors, including a majority of multinational corporations, fell victim to 1.3 successful attacks per company per week.
This represents an increase of 16 per cent in attacks that infiltrate a company’s core networks or enterprise systems each week, compared with 2012.
It’s a problem consistently in the news cycle, demonstrated by the increasing number of high-profile companies that are falling victim to it, specifically to the bulk theft of usernames, passwords and other associated personally identifiable information. Adobe, LinkedIn, Yahoo!, Sony and Vodafone are among the organisations to have reportedly had millions of users’ details exposed in recent years.
The Ponemon research shows that the average annual cost of cyber crime varies by industry segment, with financial services, defence, and energy and utilities experiencing substantially higher cyber crime costs than organisations in retail, hospitality and consumer products.
The response of many companies to these threats is to add layers of security, such as additional security questions, Captcha codes, SMS-based so-called one-time passwords or, in the case of banks, physical security devices. However, the problem with these measures is that they often frustrate users by making services harder to use and access.
According to Ponemon, 70 per cent of UK consumers surveyed for their attitudes towards password authentication processes said they forgot passwords because they can be too long and complicated. The majority believe that it is important to have authentication that securely verifies their identity on devices they share with other users. Some 39 per cent said they don’t trust websites to have adequate authentication processes. Banking institutions scored highest in online validation, with 58 per cent rating them the highest in this area.
Old Tricks, New Dogs
Hackers are using the same old tricks to access and break into organisations’ data centres. For some it’s an egotistical exploration of what can be achieved through skill and persistence, but for many it’s a criminal activity to sell data for financial gain.
The question is: how can businesses work to reduce the threat from hackers? In this world of real-time attacks and online leaks, the primary target and vulnerability is the username and password database.
The inherent problems with storing such complete information in one database on one server, together with the fact that many users tend to use the same password across multiple online accounts, support the need for organisations to aggressively investigate other avenues of security that actually work. It is time for companies to look beyond usernames and passwords and quickly move to a more secure method that is also easier for customers to use than a username and password with additional security layers.
The Ponemon Cyber Crime Study reported that organisations achieve an average 14 per cent return on investments in security incident event management (SIEM), intrusion prevention systems (IPS), application security testing, and enterprise governance, risk management and compliance (GRC) systems. Companies deploying security intelligence systems experience a substantially higher return on investment at 23 per cent.
Security intelligence systems such as two-factor authentication should start to be integrated across all industries in order to have some kind of real control over data breaches. Two-factor authentication has been around for many years, but it is now possible to build strong systems in web applications without the need for external hardware, such as the devices provided by banks for online banking.
Data is the individual’s responsibility, but as service providers ‘volunteer’ to protect personal information, it is by default their duty to safeguard the consumer data they hold. This means organisations must begin to learn about the different technologies available, such as encryption, and use them to safeguard personal and sensitive data.
There are several strong authentication technologies ready to step in and replace the traditional ID/password combination. Organisations should be focused on finding a higher level of security that transcends the username and password and that is cost-effective and advanced, yet easy to use.
Organisations must work harder to protect data, or face losing customers to those that have invested in a system that is fool-proof. The time has finally come to ensure that the inevitable security breach is no longer inevitable.