When everyone’s data has been breached, how do you confirm employees are who they say they are?
In the aftermath of the Equifax breach in which millions of people’s Personally Identifiable Information (PII) was stolen, everyone from press to the Senate has been focused on the customers. From a consumer perspective, many still don’t know how to protect themselves or whether they should freeze their credit.
The attention is well-deserved, but consumers are not the only ones made more vulnerable by this major breach. Given that so many people’s PII has entered into the public domain, enterprises are at an increased risk to both internal and external attacker-based activity.
Sophisticated attackers have greater access to everyone’s information–that means employees and third-party contractors. And these individuals all need some level of access to sensitive information in order to do their jobs.
According to a Deloitte poll, the use of analytics to mitigate third-party supply chain fraud, waste, and abuse risk has jumped to 35 percent in 2017 from 25.2 percent in 2014. At the same time, over the past four years, consumer and industrial products professionals have reported the highest level of supply chain abuse in the past 12 months (39.1 percent).
Now, enterprises are starting to think about different ways to implement security controls to confirm someone is who they say they are without disrupting user experience. With that in mind, here’s a look at three approaches and best practices enterprises are adopting to improve user authentication of third-parties, and make sure that contractors are who they claim they are when logging onto your network:
- Adopting adaptive authentication. By taking a group of variables and establishing a set of rules, these systems perform risk-analysis checks in the background without disrupting the user experience, and deliver a risk score based on rules set by the security team. Techniques include determining whether the device has been used before, comparing IP addresses against multiple threat intelligence feeds and blacklisted IP addresses, and performing geographic location analysis.
- Leveraging behavioral biometrics. This analyzes the individual user’s behavior with the device, such as keystroke and mouse movements, to verify a legitimate user’s identity. When observed behavior doesn’t match the true user’s patterns, the user is prompted to complete a multi-factor authentication step. This method is also well established in continuous authentication and in thwarting insider threats.
- Asking ‘why did authentication fail?’. Understanding the context around why some authentications fail is key to focusing on potential threats and continuously improving security posture. Businesses need to gather further context across their systems (authentication, network, endpoint, etc.) around why some authentications fail or are stepped up to require further proof, and use it to build security plans, improve detection tools and accelerate incident response.
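As an added illustration of how the three practices above fit together (this is not code from the article or its author), here is a small Python risk scorer: the rule weights, decision thresholds, blacklist entry, contractor profile and login events are all constructed assumptions, and the rule names it returns are the "why did it fail or step up?" context the last point asks for.

```python
from dataclasses import dataclass
from statistics import mean

BLACKLISTED_IPS = {"203.0.113.7"}  # constructed threat-intelligence feed entry

@dataclass
class UserProfile:
    known_devices: set
    usual_countries: set
    typing_ms: list   # mean inter-key interval (ms) of past sessions

@dataclass
class LoginEvent:
    device_id: str
    ip: str
    country: str
    typing_ms: float  # mean inter-key interval observed in this session

def risk_score(p: UserProfile, ev: LoginEvent):
    """Return (score, triggered rules). Weights are assumed values a
    security team would tune; each rule mirrors one check from the text."""
    reasons = []
    if ev.device_id not in p.known_devices:
        reasons.append(("new_device", 30))        # device not seen before
    if ev.ip in BLACKLISTED_IPS:
        reasons.append(("blacklisted_ip", 50))    # IP on a threat-intel blacklist
    if ev.country not in p.usual_countries:
        reasons.append(("geo_anomaly", 20))       # geographic location analysis
    baseline = mean(p.typing_ms)
    if abs(ev.typing_ms - baseline) > 0.5 * baseline:
        reasons.append(("keystroke_deviation", 25))  # behavioral biometric mismatch
    return sum(w for _, w in reasons), reasons

def decide(score: int) -> str:
    """Map a score to an action; thresholds are assumptions."""
    if score >= 60:
        return "deny"
    if score >= 25:
        return "step-up"  # prompt for multi-factor authentication
    return "allow"

def evaluate(p: UserProfile, ev: LoginEvent):
    """Decision plus the context to log for later review."""
    score, reasons = risk_score(p, ev)
    return decide(score), score, [name for name, _ in reasons]

# Constructed contractor profile and two sample logins.
CONTRACTOR = UserProfile({"laptop-A1"}, {"US"}, [180.0, 190.0, 200.0])
NORMAL = LoginEvent("laptop-A1", "198.51.100.4", "US", 185.0)
SUSPECT = LoginEvent("phone-Z9", "203.0.113.7", "RO", 320.0)
```

Logging the returned rule names alongside the decision is what lets the security team answer "why did this authentication fail or step up?" when tuning the weights later.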
While the use of third parties and contractors is a vital piece of many businesses, the Equifax and other PII breaches have changed the way that organizations must think about the risk of these third parties. As we enter 2018, try to quantify the risk of third-party credentials being compromised, and consider what actions your organization might be willing to take to mitigate that risk.
About the author: Robert Block
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.