Imposters Targeting Your Employees: 3 Keys to Effective Workforce Authentication
Posted June 25, 2018
As if cybercriminals trying to crash your gates weren’t bad enough, many are impersonating your employees and contractors to do it. Are your workforce authentication systems up to the challenge?
The fact is, there’s a 27 percent chance your organization will suffer a data breach within the next 24 months—and it’s going to cost you between $1.1 million and $3.8 million, according to research from Ponemon Institute cited by CSO.
Indeed, as CSO points out, organizations doing business in the EU face a special risk given the GDPR data protection rules now in effect. Security failures there could cost you 4 percent of global revenues or up to 20 million euros, whichever is more.
As we’ve seen with Yahoo and others, successful cyberattacks aren’t exactly easy on share price either.
But even as businesses race to shore up defenses, fraudsters have figured out a foolproof way around them—namely by posing as employees or members of your extended workforce. In fact, the complexities of policing access privileges for remote employees, contractors and supplier firms can be enormous. You may have limited or patchy knowledge about them, yet crucial business functions rely on their access. In the event of a breach, this can harm both your business and your customers.
Usually direct and contract employees are merely victims. Sometimes, however, they become unwitting accomplices to these outside attacks by falling for social engineering schemes or by sharing passwords and user credentials against company policy. Whatever the case, fraudsters have plenty of ways to acquire the credentials needed to access your systems undetected.
Here are three important keys to stopping them:
#1 KYCE: Know Your Contractors & Employees
There are numerous ways that user credentials can be stolen or misused, and it happens more than you may realize. Think weak passwords and employees who share login credentials across multiple applications. Then there are phishing, social engineering, malware and botnet attacks designed specifically to pilfer all those IDs and passwords en masse.
Challenges to defending against all this can be significant. Provisioning biometric readers or one-time password devices isn’t always practical. And even when they’re added, they do not always protect against some forms of attack. Meanwhile, adding extra authentication steps can negatively impact user productivity and disrupt operations.
The key is to deploy solutions that give you the ability to instantly recognize trusted users to speed up authentication while denying logins from known sources of fraud—and reserving step-ups only for suspicious situations.
In recent years, savvy organizations have come to recognize that a digital identity-based approach to workforce user verification and authentication is invaluable for this. The idea: recognize anomalies in access and behavior that could signal an imposter on the move.
The challenge there: gaining access to the global, shared intelligence needed to establish digital identities for each user by analyzing the connections between these users and all of their devices, locations, accounts, anonymized personal information and more.
#2 Be Smart about BYOD
It’s true that remote access and “Bring Your Own Device” (BYOD) policies can dramatically increase the productivity and flexibility of employees and contractors who may do their work on any mix of company- or personally-owned desktops, laptops, smartphones and tablets. But you need to put additional protections in place so BYOD doesn’t end up being “Bring Your Own Disaster.”
The fact is, devices can easily get infected by malware, experience session hijacking through unsecured Wi-Fi networks at their own companies or in public or get compromised through shared passwords. As a result, providing secure access to mission-critical applications has become more important—and more difficult—than ever before.
Standalone (point) device profiling solutions can definitely help. But they can also prove cumbersome, and they often lack the shared device intelligence needed to work together effectively.
Generally speaking, organizations pursuing a digital identity-based approach are on the right track. But that’s only so long as their solutions include real-time device profiling as part of their analysis of the users and devices accessing their systems, from throughout their business ecosystem.
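To make the three tiers described under #1 and #2 concrete (recognize trusted users instantly, deny known fraud sources, reserve step-ups for anomalies, with device profiling feeding the decision), here is an added example that is not from the original post or any vendor product. The profile fields, weights, thresholds, IPs and device fingerprints are all constructed assumptions.

```python
# Added example: a minimal risk-based login decision. Trusted user/device
# pairs are allowed straight through, known fraud sources are denied, and
# anything anomalous gets a step-up challenge. All data below is constructed.
from dataclasses import dataclass

@dataclass
class UserProfile:
    trusted_devices: set   # device fingerprint hashes previously seen for this user
    usual_countries: set   # countries the user normally logs in from
    usual_hours: range     # local hours during which the user normally works

# Constructed blocklist of sources tied to known fraud (placeholder values).
KNOWN_FRAUD_IPS = {"203.0.113.7"}
KNOWN_FRAUD_DEVICES = {"fp-bot-001"}

ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"

def risk_score(profile, device_fp, country, hour, shared_password=False):
    """Return a 0-100 score and the anomalies that contributed to it."""
    checks = [  # (anomaly present?, weight, reason) -- weights are assumptions
        (device_fp not in profile.trusted_devices, 40, "unknown device"),
        (country not in profile.usual_countries, 35, "unusual country"),
        (hour not in profile.usual_hours, 15, "unusual hour"),
        (shared_password, 30, "credential shared with another account"),
    ]
    reasons = [reason for hit, _, reason in checks if hit]
    score = min(sum(weight for hit, weight, _ in checks if hit), 100)
    return score, reasons

def decide(profile, device_fp, ip, country, hour, **kw):
    """Map one login attempt to allow / step_up / deny."""
    # Known fraud sources are denied before any scoring takes place.
    if ip in KNOWN_FRAUD_IPS or device_fp in KNOWN_FRAUD_DEVICES:
        return DENY, 100, ["known fraud source"]
    score, reasons = risk_score(profile, device_fp, country, hour, **kw)
    if score < 30:          # low risk: trusted user, no extra friction
        return ALLOW, score, reasons
    if score < 75:          # moderate risk: step-up (e.g. OTP) only here
        return STEP_UP, score, reasons
    return DENY, score, reasons  # high risk: refuse and alert the SOC

# Constructed profile: a contractor who works 08:00-18:00 local time from DE.
CONTRACTOR = UserProfile({"fp-laptop-42", "fp-phone-42"}, {"DE"}, range(8, 19))

if __name__ == "__main__":
    print(decide(CONTRACTOR, "fp-laptop-42", "198.51.100.4", "DE", 10))  # allow
    print(decide(CONTRACTOR, "fp-tablet-9", "198.51.100.4", "DE", 10))   # step_up
    print(decide(CONTRACTOR, "fp-tablet-9", "198.51.100.4", "BR", 3))    # deny
    print(decide(CONTRACTOR, "fp-laptop-42", "203.0.113.7", "DE", 10))   # deny
```

A single minor anomaly (an unusual hour on a trusted device) stays below the step-up threshold, which is the "no needless friction" property the post argues for.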
#3 ‘Visualize’ Success
Whatever the approach organizations pursue, they will likely benefit from providing security and fraud teams with a set of visualization and analysis tools that enable them to understand enterprise application activity and take the necessary steps to mitigate threats as they evolve in real time.
Tools that make it easy to configure access and authentication policies are a must. Some organizations may also want to prioritize solutions that let them continuously evaluate and verify risk scores and the corresponding policies, so those policies can be validated and refined in real time.
The goal of all this is to easily detect and distinguish between authorized users and imposters attempting to access business systems without disrupting business.
The more organizations can pull this off without causing friction or adding irksome tokens or pricey new infrastructure, the more it’s a win-win for everyone.