This article, authored by David Vergara, Director of Product Marketing at OneSpan, first appeared July 24, 2018 on Payments Source.
It’s remarkable just how many significant security breaches could have been prevented if only multifactor authentication technology had been deployed.
A lack of strong authentication is the reason behind the recent breach of the popular mobile app Timehop, which lets users see social media posts from the same date in previous years. The breach exposed the credentials, phone numbers and social media histories of more than 21 million users. What’s worse, the hacker’s presence went undetected for a considerable length of time, making this application’s user identities ripe for theft.
Here’s what happened. A Timehop employee’s credentials were leaked, which gave a hacker access to their system. The use of strong authentication, multifactor authentication in particular, would have required the hacker to provide a second form of authentication beyond a username and password. A failure of the secondary authentication would have stopped the hacker cold.
As mentioned on Payments Source, IBM Security issued a report earlier in July that revealed the high cost and impact associated with serious data breaches, much like the one at Timehop. The report suggests the average cost of a data breach globally is slightly less than $4 million (it’s nearly $8 million in the U.S.), but damages can extend into the hundreds of millions of dollars. Estimates say a breach of 50 million records or more can cost as much as $350 million in damages. Timehop’s breach was 21 million; imagine what a small investment in MFA technology could have saved them.
Making Multifactor Authentication a Business Priority
Still haven’t deployed strong security in the form of multifactor authentication? It’s high time to get started by choosing a solution that’s right for your organization and your end users. Multifactor authentication is a must along with complementary technologies like single sign-on, user directories and other systems that allow for strong authentication and protect social media, email communications and business-critical applications.
It’s easy to point the finger at a company’s IT department and say, “Why didn’t we have this stronger security?” As mentioned on Payments Source, the answer is sometimes simple — companies are confused about which technology to use, these tools were never intended to be used together, and integration can become expensive and cumbersome. Today, the right level of security requires additional technologies to keep up with the emerging threat vectors. All of this points to the urgent need for businesses to implement multifactor authentication and a risk-based approach to access management.
The IBM Security report also found that one major factor impacting the cost of a data breach in the U.S. was the reported cost of lost business, which was $4.2 million, more than the total average cost of a breach globally, and more than double the amount of “lost business costs” of any other region surveyed.
Make adding an MFA solution a priority. Your customers’ experience, brand reputation and bottom line depend on it.
*** This is a Security Bloggers Network syndicated blog from OneSpan Blog | Be bold. Be secure. authored by David Vergara. Read the original post at: https://blog.vasco.com/application-security/hackers-love-companies-that-dont-use-multifactor-authentication/