Clavister Blog Staff

How much is your security worth? About $250 – unless you use multi-factor authentication

Organizations invest tens of thousands of dollars in their network IT security and data protection strategies. From technical solutions and training to writing policy documents and mapping processes, vast sums of business resources are invested in ensuring that their most precious asset – i.e. their data – is behind a ring of steel, safe from the rapidly evolving threat posed by cyber-criminals. As a result, the cyber-security market is expected to be worth more than $200 billion annually by 2021.

Organizations spend this money and invest time in protecting their data because they understand it to be – or believe it to be – of extremely high value, either to cyber-criminals who can sell it on the black market, or potentially to any competitor that is able to view it. They also understand that the fines they could incur by not robustly protecting that data could run into several millions of dollars. So with this in mind, how much do you think your company’s data is worth?

According to a recent report, the approximate value is not as much as you may think, with employees willing to sell their passwords to criminals for as little as $250. Yes, you read that correctly – $250. One in seven employees, in a survey of 4,000 across Europe, admitted they would sell their user credentials for $250, while half of those would do it for even less! That costly security infrastructure could all be worth nothing if an employee decides to pass on their credentials for just a couple of hundred dollars.

These credentials give a criminal the keys to your network – enabling them to bypass most security defences.  So what can organizations do to address the serious risk posed to their data by an employee willing to take a small sum of money in return for their credentials?

The answer is two-factor or multi-factor authentication. These solutions take the powerful aspect of password protection – the fact that each user has their own unique code or signature with which to access a system – and strengthen it by adding an extra, even more context-specific verification layer. So, as well as a password that could be sold, the system also asks for data like a fingerprint or voice recognition (this is biometric verification), a hardware token, or an additional password or code that is either time-sensitive or single-use. The latter option is usually the easiest and most cost-effective to implement, with the second code simply being texted to the user’s phone.

This means that any cybercriminal wishing to gain access to the system cannot do so without also having access to the additional verification measures. The real added power of this is, of course, that it acts as a deterrent to the employee: they can no longer simply say they were unwittingly compromised, which makes any breach traceable to them.

Clavister firmly believes that multi-factor authentication is as critical to organizations’ cybersecurity posture as firewalls. In 2016 we launched our own MFA solution, so that our VPN tunnel and web interfaces can now be secured with multi-factor authentication, slashing the risk of companies falling victim to corrupt employees who could sell cheap access to their networks and data.