Combating California Breaches with Multi-Factor Authentication

California is the king of innovation, from the earliest ventures in filmmaking to today’s Silicon Valley technologies. So it’s not surprising that California has been at the vanguard of cybersecurity, being the first state to enact a breach data notification law in 2003.

Laws don’t stop cybercriminals, though – and California has seen a sharp rise in breaches the last four years, according to The California Data Breach Report. Consider these chilling realities:
• There were 657 data breaches involving more than 500 records from 2012-2015 – impacting a total of more than 49 million records of Californians.
• In 2012, 2.6 million records were impacted; by 2015, that number rose to 24 million.
• Nearly 3 out of 5 California residents were victims of a data breach last year.

Every industry is affected: schools, hospitals, restaurants, retailers, banks, hotels, government agencies and more. Any of them can suffer severe consequences, such as brand damage, class action lawsuits, lost business and regulatory fines. Their users and consumers see their social security numbers, payment card data, medical information, and driver’s license numbers and other personal data fall into criminal hands. According to Javelin Strategy & Research, 67 percent of 2014 breach victims in the U.S. were also victims of fraud.

Its clear organizations aren’t fulfilling their obligations to protect their customers. Most of the breaches in California were due to security failures – and most systems were compromised more than a year after the solution to patch the vulnerability was available. These breaches could have been prevented.

Stopping the Mayhem with Multi-Factor Authentication

From the report, two truths are clear:
• Organizations need to step up their security game and protect their consumers and the data they collect. That means sharpening their security skills and controls and implementing the right technologies
• Passwords and usernames are not working as adequate security measures. Additional measures are needed – which brings us to the report’s recommendations, specifically for multi-factor authentication

According to the report, “Organizations should make multi-factor authentication available on consumer-facing online accounts that contain sensitive personal information. This stronger procedure would provide greater protection than just the username-and-password combination for personal accounts such as online shopping accounts, healthcare websites and patient portals, and web-based email accounts.”
Passwords aren’t always as unique, complex and concealed as they should be, and people don’t change them as often they should. Multi-factor authentication solves those shortcomings by adding additional layers that effectively thwart attacks.

Usually these factors take the form of:
• “Something you know,” such as a password
• “Something you have,” such as a token or a one-time code sent to a phone
• “Something you are,” such as a fingerprint or behavioral biometrics

Criminals might steal a phone or hack a password but they can rarely satisfy all of the requirements to get past multi-factor authentication.

Distancing Ourselves from Yesterday’s Technology
Many businesses still think of multi-factor authentication as a burden, a layer of security that comes at the expense of the user experience. But that’s yesterday’s technology. While the early days of cumbersome two-factor authentication cast a shadow on the technology, times have very much changed for the better. Advances in adaptive authentication have brought to market a number of options that help users stay both secure and productive by layering multiple methods such as, device recognition, analysis of the physical location of the user, or even the use of behavioral biometrics to continually verify the true identity of the end user. By layering adaptive authentication techniques, organizations can further strengthen their defenses against cyber adversaries.

Laws don’t stop cyberattacks. Technologies do. The rise in California cybercrime proves that businesses can’t wait any longer to adopt solutions that will keep their reputations, their data and their customers safe.

Leave a Comment

Leave a comment

Leave a Reply