industry unlocked
Don’t underestimate effective authentication
With threats showing no signs of
slowing, a wealth of new technologies
has been introduced to the financial
sector, including the likes of AI, Machine
Learning and biometrics. But even
those organisations with the newest
ground-breaking technology in place
can be compromised by something as
simple as a weak password. Getting
the basics right with authentication and
password policies is therefore crucial to
safeguarding enterprise data and should
really be considered a basic staple of
security hygiene.
As such, password management
should be a top priority. This should
include education for all staff on safe
password practices, how to create a
strong password and the importance
of using unique credentials across all
accounts. Because memorising complex
passwords for multiple accounts is
practically impossible, organisations
should consider implementing solutions
that take the burden off staff. With
a password management tool, all the
work is done for you and password data
remains secure.

Banks simply cannot afford to make assumptions about the effectiveness of their technological defences.

Multi-factor authentication (MFA) is
one of the most effective ways to add
another layer of security to
password-protected accounts, because the hacker
will be required to provide an additional
factor (a one-time code generated by a
hardware token, fingerprint, etc.), even if
they do obtain the password.
The Timehop breach, which affected
nearly its entire customer base of 21
million users, occurred because the
company hadn’t protected access to
its cloud network with MFA. While the
risks of skipping this step are clear,
a recent report found that only 16%
of banking/financial institutions had
adopted MFA, compared to 31% of
technology businesses.
Financial institutions can also seriously
benefit from leveraging advanced
offensive security, such as penetration
testing and ‘red team’ exercises to
improve visibility and security awareness
across the organisation. Red team
testing comprehensively exposes
physical, hardware, software and human
vulnerabilities before they become
entry points for hackers or provide