Verizon’s latest Data Breach Investigations Report (DBIR) was made public earlier this week. The report contains a number of topline observations, including the growth in ransomware and the fact that many security breaches are driven by organised crime.
Rashmi Knowles, Field CTO for RSA Security, comments below, focusing specifically on the access and identity element of the story.
Rashmi Knowles, Field CTO, EME at RSA Security:
“The use of stolen credentials has been the most successful attack method according to this year’s DBIR, which suggests the biggest struggle for enterprise is still identity and access management. Caches of credentials are available for a pittance on the dark web, and provide an easy attack vector for hackers, who know that users rarely change their passwords. This is why two-factor authentication is a must-have for businesses. Passwords by themselves are clearly not a strong enough defence. However, the key is to balance convenience with security, to ensure that users behave securely – for instance, using proximity-based identity solutions that connect to a user’s mobile, or biometrics such as iris and fingerprint scanning, users can easily demonstrate that they are who they say they are without having to jump through too many hoops, while still reducing risk for the business.”