Petty cash wont cover the cost of this breach
Strong cloud-based authentication solutions can help mitigate the rising cost of data breaches and improve the security of corporate assets
The cost of a data breach has risen by as much as 78% in the past four years according to Ponemon in its latest breach cost analysis study which was published last October. In fact, 2013 was a record year for data breaches. According to DataLossDB, four of the top 10 breaches of all time occurred in 2013, with over 705 million records lost.
Considering Ponemon’s estimate of the average consolidated data breach cost of $136, we begin to see the extent of the loss. Add this cost to a finding published by Verizon in its data breach report earlier last year, that authentication-based attacks (guessing, cracking, or reusing valid credentials) were the cause of about 80% of breaches that involved hacking. At the same time, the Middle East region has been seeing increased activity from hacktivism groups, either for political, industrial or financial purposes.
These statistics are alarming, but organisations that are proactive about their security posture have the power to mitigate these risks significantly. Given that hacking is the most common cause of data breaches — and that the vast majority of hacking incidents are authentication-based — the most logical step would be to eliminate the use of passwords and implement strong authentication.
The approach to authentication need not be based on an ‘all or nothing’ concept. The assurance level assigned to various types of corporate assets should be determined by the sensitivity of the information being accessed and the implications of unauthorised access and data compromise. Using this logic, organisations can determine that different authentication methods can be implemented for different users depending on their organisational role, function, and need. For example, context-based authentication might be appropriate to roaming employees who frequently access cloud-based applications from mobile devices, while employees from the finance department would be equipped with hardware tokens to log into finance systems.
Adding to the potent threat environment underscored by the statistics above, is the fact that we are in the midst of an IT revolution, in which access needs are being shaped by the rapid adoption of SaaS applications, and the use of mobile devices to access corporate data. Any strong authentication solution therefore, must be able to accommodate cloud access and employee mobility.
All these requirements call for an authentication solution that can support a range of authentication methods, protect different types of corporate resources (cloud, network, virtual environments), and ensure secure access from different types of endpoints (mobile, desktop). These functional benefits can be optimised with an authentication solution that significantly reduces total cost of operation by offering cloud-based delivery and automated processes.
As the cost of data breaches continue to climb, security officers can contribute to the bottom line by implementing strong, cloud-based authentication.
Sebastien Pavie is regional sales director, MEA, SafeNet.