“How did the data get out?”
The question nobody wants to hear from their boss. It’s a nightmare for corporate management, press officers and security teams. Blame flies around the office while brands and careers are damaged in equal measure. Everybody wants to know how this happened and how to prevent it from ever happening again. Before we get onto that, take a look at the causes behind some high-profile security breaches and data loss events:
- Stolen usernames and passwords (e.g., MacRumors)
- In-the-middle attacks to bypass authentication (e.g., Ubuntu Forums)
- Bad user permissions and restrictions (e.g., Edward Snowden)
- Disgruntled employees (e.g., Chelsea Manning)
- Hacked network or website vulnerabilities
How does using two-factor authentication or biometrics make you more secure than just a strong password?
When you consider two-factor authentication or biometrics in relation to recent breaches, it’s obvious that they improve security but wouldn’t protect against all types of attacks. For example, Chelsea Manning and Edward Snowden both had correctly issued user accounts and appropriate permission levels. Imagine how events would have been different if they’d shared their passwords with nation states instead of feeding documents to the press. Would we have ever known? On the other hand, in-the-middle attacks bypass authentication altogether. No matter how many factors or bands of authentication you stack up, it just doesn’t matter. The bigger question is:
Do you know who the user really is?
If a bad guy gets malware onto one employee or customer computer, no amount of front-door authentication can provide an accurate risk assessment. And in the case of stolen or mishandled user credentials, no amount of network penetration testing will help you. So what can you do? To prevent the embarrassment and the financial and legal ramifications of data loss, “firms should seek a multi-layered approach,” according to Gartner VP Avivah Litan.
How you can tell who the user really is
If you could understand how users behave, such as how they scroll on their phone, how they type and where they prefer to work from, you could invisibly look for deviations in the smallest behavioural traits. This gives you the ability to spot password sharing or theft, even when an in-the-middle attack has let the user log in correctly and then taken over their activity. Understanding the user in-session, past the point of authentication, is a technology we call:
Continuous Behavioural Authentication
When you are holding sensitive data, the best practice is to continuously authenticate every sign-in event. Once a user gains access to your system, what they do with that access is an incredibly powerful indicator of who that user really is. Behaviour analytics complement existing front-door authentication techniques and can be a key element of Litan’s “multi-layered” approach. They may not solve the exploitation of website vulnerabilities, but they add a powerful new layer to your existing security.
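To illustrate the in-session idea described above, here is an added example (not code from this article or any vendor product) that compares a rolling window of typing rhythm against a user's enrolled baseline and reports where a session stops looking like its owner. The single trait used (inter-keystroke interval), the window size, the threshold and all sample values are assumptions constructed for illustration.

```python
from statistics import mean, stdev

# Constructed sample data: inter-keystroke intervals in milliseconds.
ENROLMENT = [182, 175, 190, 168, 185, 178, 193, 171, 180, 187, 176, 184]
# One authenticated session: 8 intervals from the account owner, then 6 from
# whoever took the session over after the login succeeded.
SESSION = [179, 186, 174, 183, 177, 188, 181, 176, 122, 115, 130, 118, 125, 120]


def build_baseline(intervals):
    """Summarise a user's known-good typing rhythm as (mean, std deviation)."""
    return mean(intervals), stdev(intervals)


def first_deviation(baseline, session, window=5, threshold=3.0):
    """Return the index of the first interval at which the rolling window's
    mean leaves the baseline, or None if the whole session looks like the user.
    """
    mu, sigma = baseline
    std_err = sigma / window ** 0.5  # expected spread of a window mean
    for end in range(window, len(session) + 1):
        z = abs(mean(session[end - window:end]) - mu) / std_err
        if z > threshold:
            return end - 1  # newest interval in the offending window
    return None


BASELINE = build_baseline(ENROLMENT)

if __name__ == "__main__":
    print("owner-only prefix:", first_deviation(BASELINE, SESSION[:8]))
    print("full session flagged at interval:", first_deviation(BASELINE, SESSION))
```

The login itself never appears in the check: the score is recomputed on every keystroke after authentication, which is what lets it react to a takeover that front-door controls have already passed.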