Cybercrime is global, but so is the remedy

Date: 2021-08-17
Author: Chin Jien Lau, Technical Consultant

Next >> vSECCMS61 Our Improved User Self Service Benefits

Previous << Hardware Based PKI Webinar

The biggest headline-grabbing cybersecurity breaches often originate in North America and Europe, but as we all know cybercrime is a global problem, and the same commonsense approaches to cybersecurity are applicable around the world.

In the ASEAN region, where I lead the Versasec office in Malaysia, there have been many notable data breaches like Astro, a Malaysian satellite television and IPTV provider. In that hack, subscribers’ names and ID card numbers were leaked. In another well-publicized hack, information from around 30 million passengers including passport details, home addresses and phone numbers were stolen from Malindo Air, owned by Indonesian Lion Air Group, a Malaysian premium airline. In nearby Indonesia, the e-commerce platform Tokopedia suffered from the theft of information from 91 million accounts.

While this is a competition no one wants to win, Western Europe and North America certainly don’t hold the monopoly on hacks.

In the cases of cybercrime in my region, most hacks are attributable to phishing and password fatigue with users failing to change passwords or falling prey to hacker’s email requests. The human element is the most common source for cybersecurity breaches.

In the incidents I’ve cited, multi-factor user authentication (MFA) -- and hardware-based MFA in particular -- would have prevented the breaches. Hardware-based MFA takes security to the next level where users rely on more than just passwords. That means authenticating themselves based on multiple factors including “something you know,” such as a password or identification card number; “something you have,” such as an ID badge or smart token; and finally “something you are,” such as a biometric signature like a fingerprint or retinal scan information.

When coupled with a proper identity and access (IAM) system logging all authentication and access instances, companies that use MFA create a more robust ecosystem that allows access only to genuine users with verified access privileges. It also creates an audit trail of what users did while on the system, such as making system configuration amendments.

MFA would have prevented the breaches discussed earlier. The single factor stolen user PINs would have remained useless without the other access factors required, including the smart token and the biometric information.

What we’re also seeing in many parts of the world is that with MFA implemented correctly, many IT administrators are even disabling some well-entrenched password policies such as regular password expiration, which is one of the main causes of password fatigue.

Want to learn more about how Versasec can help with managing your MFA solutions? Drop us a line by clicking on the CHAT button here: https://versasec.com/


Photo by Luther.M.E. Bottrill on Unsplash

Versasec Support

Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.

Support

Company Blog

Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact. To learn more, bookmark our blog![more]