Hackers soon will achieve deeper insight, devise more effective strategies, improve effectiveness
The first month of 2019 kicks off the new year with more news of data breaches and worry for businesses and consumers. Collections #1-5, originally discovered by Troy Hunt and others, have been identified on the dark web. These massive data stores aggregate data from previous data breaches and promise to provide a catalyst for a host of new and more effective cyberattacks.
What exactly are these data collections? Security researcher Troy Hunt, creator of Have I Been Pwned, identified and shared Collection #1. In his post, Hunt alleges this data is likely to be an aggregation of data from previous breaches. At over 87 gigabytes of data, Collection #1 contains more than 2.7 billion records of sensitive information, including e-mail addresses and passwords. Since Troy Hunt’s discovery, other researchers have identified Collections #2-5, a whopping 845 gigabytes of stolen information – 22 billion additional records. Even after pruning duplicate records, the Hasso Plattner Institute (HPI) indicated these collections contain more than 3x the records found in Collection #1. While many of these records are surely from previously known data breaches, HPI also indicated a significant number of records appear to be leaked for the first time.
These collections have already been widely circulated by hacking organizations – the horses are out of the barn, free to run wild. Perhaps you feel like they escaped long ago. Yahoo, Equifax, Google+, Marriott, and a long list of other companies have failed to protect your data. There are too many data breaches to even remember them all.
Why does this even matter anymore? This brings us to the power of data aggregation. In healthcare, data aggregation is enabling organizations to establish more credible and actionable data. Their goal is better health outcomes, better efficiency and lower cost. It means they have more and better-quality data. It provides them with a greater certainty about the right course of treatment, helping them move faster and more efficiently. It enables even more sophisticated analysis to continue to improve decision making and action plans. Data aggregation is, in essence, enabling health care providers to improve outcomes for patients by optimizing the path to patient care in an efficient and cost-effective manner. Sounds great for healthcare, right? Yes! But release of this power to the realm of hackers through Collections #1-5 and data aggregation looks more like the power of the dark side.
How does data aggregation provide hackers with more credible and actionable data? As companies and people became aware of breaches and changed passwords, companies added new secret questions, requested more information, including biometric data, to authenticate, and attempted to thwart cybercrime’s steady advance. With Collections #1-5 out of the barn, the power of data aggregation becomes a real force to help hackers. By analyzing more and better-quality data on people’s patterns, habits and tendencies, and on how they adapt, hackers will be able to use data aggregation to develop machine learning and perhaps even artificial intelligence applications to better understand human nature and improve outcomes in cybercriminal activities. In the case of cybercrime, data aggregation means the hackers now have the quantity and quality of data necessary to develop highly sophisticated social engineering tactics. They can optimize credential stuffing and brute force attacks. They can penetrate enterprise networks. They can develop highly customized phishing attacks. And they can do it all faster and cheaper than ever before.
How can you protect your customers? You may hear people proclaiming that passwords are the problem. The reality is that you’ve invested a lot in your existing infrastructure and your authentication solutions rely on the password – it’s entrenched in so many systems that alternatives are simply not achievable without significant new investment in money and time. You would have to transition your customers to a whole new solution. And who’s to say the new solutions will be any more secure? The good news is that additional technologies can be layered to provide multifactor authentication and limit the effectiveness of hackers without ripping and replacing entire systems.
But which multifactor authentication tools are best for you? Some create obstacles for users, and many companies are reluctant to interfere with or degrade their customers’ experience. People are, and rightfully so, concerned about sharing additional information to authenticate. Whether it be using biometrics or apps that track your location and capture other personal data to authenticate, people are concerned about even further privacy intrusions. The past shows us that companies are rarely able to adequately protect our privacy, and that hackers are sufficiently innovative to bypass many of these measures. Recent trends are proving that behavioral biometrics solutions, sometimes referred to as passive authentication, provide best-in-class options for multifactor authentication with preservation of privacy.
Authentication products like TickStream.KeyID provide multifactor authentication without the need to change your entire system or method to authenticate users. Because behavioral biometrics analyzes the behavior your customer is already performing, it doesn’t require a change in their experience (customers like things to be better, but they hate change) – customers simply continue to enter their password like always. Their unique behavioral profile essentially becomes the key that makes the password effective; without it, a hacker cannot leverage data aggregation to compromise your credentials.
Regardless of whether or not your company has been breached, data aggregation means hackers will develop new methods to attack companies of all shapes and sizes and they will do it at scale, with an efficiency and effectiveness like we’ve never before seen. Companies should waste little time adding a behavioral layer of defense before becoming the next victim of cybercrime.
Keywords: Security, Cybersecurity, Privacy, GDPR, Passwords, Authentication, Behavioral Biometrics, KeyID, CIAM