Commenting on the latest IdentityHawk ID breach report, SecurEnvoy says that the fact that there were 54 publicly-known breaches during September - and 10.46 million online records potentially accessed without permission - is a horrifying statistic.
According to Steve Watts, the co-founder of the tokenless two-factor authentication specialist, this is a massive increase on the 678,000 online records reportedly compromised during August, and is a figure at which any IT security professional would throw up their hands in absolute horror and astonishment.
“This level of identity breaches - even for a country the size of the US - is still way too high. The even bigger question that any professional would ask, however, is how many more unreported breaches were there during the month. Our observations at SecurEnvoy suggest that this number is probably running well into the hundreds, with a consequential similar boost to the number of unreported - but compromised - online records,” he said. “It's also interesting to note that only 26.5 per cent of the breaches noted in the September report were the result of hacking, suggesting that the majority of identity compromises were the result of human error, as well as internal threats such as rogue employees,” he added.
These two latter categories of identity breaches, he went on to say, are an often-overlooked security issue in many organisations, who tend – perhaps understandably given the plethora of media reports on the subject – to focus on the issue of defending their digital data assets against external attacks from cybercriminals, hackers and other perceived threats. The reality, he explained, is that internal security in an organisation is every bit as important as the external firewalls, spam traps and IT/anti-virus safeguards that all businesses now use to a greater or lesser degree. But the problem for many IT admins, says Watts, is how to create an authentication system for staff that is both secure and easy to use - as well as robust enough to be used both inside and outside the organisation - as research has proven that the more complex and cumbersome a staff authentication system is, the greater the propensity for staff to work around the security in the mistaken belief that they are doing their jobs more efficiently.
“And this is where tokenless two-factor authentication comes into the frame, as most staff carry their mobiles around with them when inside the company building, if only to stay in contact at all times, as well as check all those social networking sites. Likewise when they are out and about, so it makes sense to use a device that is constantly in their possession to authenticate themselves,” he said.
“Authentication is about using something you know alongside something you have. With tokenless two-factor authentication, staff can better defend their own identities and, in doing so, maintain the security of their organisation's IT resources, as well as the records their organisation holds on behalf of clients and customers,” he said.