In response to new research findings from Risk Based Security that over 2.6 billion records have been exposed in 2,300 data breaches so far this year, with fraud accounting for 47.5 percent of exposed records and while hacking accounting for 54.6 percent of all reported breaches, experts with OneSpan and NuData Security offer perspective.
Michael Magrath, Director, Global Regulations & Standards at OneSpan, Inc.
“2.6 billion records is a staggering number. Sadly, Americans have become accustomed to breach notification letters arriving in the mail with offers of free credit reporting. Not surprisingly the report notes that phishing for usernames and passwords then using the stolen credentials to access systems or services stands remains a popular attack method utilized by hackers. Phishing will not go away because it’s just too easy and the success rate has been historically high given reliance upon static passwords gain entry. With GDPR now in effect, organizations relying on passwords to protect EU citizens’ data could find themselves in the cross-hairs of the EU should they be breached.
Employee cybersecurity education has helped organizations reduce successful phishing attacks, but education only goes so far. An easily exploitable attack vector, phishing can be mitigated with affordable, user-friendly multi-factor authentication. User convenience is no longer an issue as secure, risk-based technologies like behavioral biometrics work in the background while eliminating the reliance upon insecure passwords.
Ryan Wilk, Vice President of Customer Success at NuData Security:
“The sheer numbers of records exposed are driving eCommerce entities, merchants, financial institutions, and other user-facing sectors such as healthcare to protect themselves and their customers by substantially stepping up real-time fraud detection and mitigation.
“These companies are increasingly taking steps to ensure that the massive amounts of stolen credentials cannot be used by fraudsters to log into an intended victim’s account, or otherwise be used for fraud. Fortunately, new multi-layer approaches incorporating passive biometrics and behavioral analytics are enabling retailers, eCommerce entities and others to actually analyze user interactions and contextualize behavior in real time before fraud can occur. The user’s identity is verified through hundreds of indicators, including data from the legitimate account holder’s unique online behavior. This is a far more effective way to verify users than sole reliance on static information such as passwords and security questions. NuData’s approach also ensures that any sensitive consumer data, for example identifying information, is either not collected, or first passed through a cryptographically secure hash function so that it is irreversibly obfuscated. Such unique information defies fraudulent replication and helps stop fraud attempts in their tracks.”
