Article posted: May 31, 2017
By Joakim Thoren, CEO
This week, Fortune reported Target reached an $18.5 million settlement with 47 states and the District of Columbia over a massive data breach in late 2013. The hits keep coming for Target: over the past four years, the mega retailer has shelled out $202 million as part of this costly data breach.
But even multimillion-dollar settlements can't begin to cover the untold cost of reputational damage, lost sales and general distrust among its customer base. Target's CEO lost his job because of the oversight.
There's a lesson in all of this. Nearly a quarter of a billion dollars in losses, stock dips and major employee job upheavals could have been prevented by insisting all employees and third-party job contractors use some form of two-factor identity and access management. It's well documented that cyber attackers had accessed Target's gateway server through credentials, most likely a password, stolen from a third-party vendor.
And yet, many companies still rely on only the most basic of security. It's more important than ever that multinational organizations and small and medium-sized businesses require third-party vendors or contractors to use multi-factor authentication when accessing sensitive corporate data. Two-factor authentication simply combines a knowledge factor, something the user knows, such as a password, PIN or shared secret, with a possession factor, something the user has, such as a security token, smartcard or ID card.
Two-factor authentication is hardly new, which makes these breaches even more egregious. For the past decade, the US government has mandated that all government employees and contractors use multifactor identification when dealing with any government business.
It's difficult enough to stay ahead of malware and DDoS attacks; organizations collectively spend billions each year on network security. Why let a simple password be the only barrier between a criminal and the company's most sensitive data? The Target breach is an extreme example, but every time it resurfaces, it will hopefully prompt organizations of all sizes to reevaluate their security protocols to protect their greatest organizational assets: data!
Every organization should be following the US government's lead in mandating that all contractors and employees use more than simple passwords to access secure data. Passwords alone cannot adequately secure any organization.
And the impact of one breach, as evidenced by Target, takes years to overcome and can cost millions in damages. To learn more about how your organization can protect its data assets with identity and access management solutions, visit https://versasec.com