If you’re like most companies, you’re probably neglecting two areas that could protect you against a damaging cyber attack — risk profile and authentication systems. That’s what experts reported during the “Privacy. Security. Risk. 2015” event in Las Vegas this month.
The lack of strong authentication systems is prevalent in the industry, exposing companies to the possibility of debilitating cyber attacks, according to investigative security reporter Brian Krebs, a speaker at the event. Krebs said that relying on PII (personally identifiable information) like social security numbers and birth dates can lead to data privacy breaches like the one launched on the IRS.
“From my perspective, an overreliance on static identifiers to authenticate people is probably the single biggest threat to consumer privacy and security,” Krebs said.
Another area that should be of concern is the lack of risk profiles, according to guest speaker Kris Lovejoy, president of Acuity Solutions and former general manager of IBM Security Services. She pointed out that companies should develop individual risk profiles that reflect each user’s access to sensitive data.
Using data gathered from IBM security research, Lovejoy noted that an organization with 15,000 employees would face 1.7 million security events each week, with 324 involving security attacks. Of those, 2.1 attacks would result in a security compromise.
Companies of all sizes are threatened by breaches, she added. Anyone who believes their company hasn’t had any compromises is in denial. “This is a biological model and we’re all infected,” she said.
To protect your company, employees and clients from the risks of a cyber attack, include the following measures as part of your data security plan:
- Develop effective risk profiles. Lovejoy pointed out that employees who have access to PII should be assigned a higher risk profile that requires stronger authentication and data privacy protection measures. The assignments should begin as soon as an employee is onboarded: the employee is placed in a risk profile group, which triggers an access management system that automatically determines their access to the systems.
- Revamp authentication processes. According to SafeNet, you can implement a strong authentication solution by incorporating a multi-factor approach. The factors can include one-time passwords (OTP), certificate-based authentication (CBA), and context-based authentication. Follow up by ensuring that authentication is required for access to any sensitive information.
- Hire a security consultant. A consultant with expertise in data security can help identify areas of weakness within your company, and provide direction on how to resolve them. A professional also should be able to keep you up to date on how to protect your company against the latest threats.
At Lifeline Data Centers, we place a high priority on security measures. Find out why companies of different sizes and in various industries rely on us for colocation services. Contact us today to find out more.