82% of all cyber-attacks involved a human element and why protecting your secrets with secure devices could be your solution
Organisations know that they need to protect their systems, data, and employees from data breaches. Virtually every day there are reports of businesses that have suffered cyberattacks exposing personal data records. However, that is not the end of the story – there is so much more to consider and resolve should you suffer a data breach.
The chart (2) below shows the number of records exposed over the last 7 years; in 2020, more than 37 billion records were breached.
If you are the owner of a business or organisation trying to keep your sensitive data secure – it must be a scary thought that humans contribute to 82% of cyber-attacks.
Your employees (1) could be duped into exposing the organisation to reputational damage and data breaches, without realising. Cyber criminals these days are staggeringly sophisticated, using phishing and spear phishing techniques to obtain users' details and passwords, knowing that the potential gain from extracting this information is huge.
The work involved in plugging the leak after a cyber-attack, whilst continuing to run your business, is a major cost that no one really accounts for, not to mention the reputational damage that a data breach causes and the increasing level of fines. All of this could be avoided if strong PKI-based authentication had been implemented.
Public Key Infrastructure
Public Key Infrastructure (PKI) is the strongest form of passwordless authentication. Put simply, PKI consists of a set of roles, policies, software, hardware, and procedures which together provide the gold standard solution for protecting digital identities.
The strongest form of two-factor authentication is a digital identity comprising a PKI certificate issued to a secure device, as recognised by standards such as US FIPS 201 (PIV), enabling organisations to be sure that users accessing systems, networks and sensitive data really are who they claim to be.
36% of all data breaches involved phishing
Phishing is normally a communication sent to a recipient within an organisation, who is then asked to perform an action in a timely fashion. Sometimes it may even look like it has come from within the organisation, so the individual is fooled into responding or taking an action quickly, without too much time to think about it. If you act and are then asked to re-enter your password, the rogue site steals that information, and a cyber-attack has occurred.
91% of cyber-attacks begin with a spear-phishing email
This is a much more sophisticated type of phishing campaign, where the criminals target a specific person within the organisation and encourage them to take an action. This involves more intelligence, planning, and research from the cyber criminals, as well as time. But if successful, it is more likely to give them access to more valuable data. Often the criminal uses communication tools to strike up a conversation and then builds trust over a period of time, before asking the victim to click on a rogue link or divulge sensitive information.
What can you do to ensure you are safe from the possibility of cyber-attacks?
1. Ensure you have the strongest possible authentication in place, ideally Public Key Infrastructure (PKI).
2. Train your employees to spot phishing and spear phishing attacks via email and other channels.
3. Make sure your systems are protected from anyone or anything that could cause harm or steal your data, using phishing-resistant, hardware-backed strong authentication.
MyID® is a feature-rich credential management system (CMS) that enables organisations to deploy digital identities to a wide range of secure devices simply, securely and at scale.
Unlike passwords, one-time passwords (OTP) or other forms of MFA, MyID credential management uses cryptography-based credentials to strongly bind a digital identity to an individual, enabling organisations to take control of their user identities and providing optimum protection against the number one cause of data breach – weak or compromised passwords.
We work seamlessly with smart card and USB token vendors to provide the credential management software to easily manage your digital identities.
For more information see MyID
Trusted by Governments and Enterprises Worldwide
Where protecting systems and information really matters, you will find Intercede. Whether it's citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.