Hackers were prolific in 2015. According to the Identity Theft Resource Center, there have been an estimated 750 breaches this year, affecting over 177 million records. As nice as it would be to write it off as a fluke, the cyberthreat landscape is primed to get worse. Increased adoption of mobile devices in the workplace and migration to virtual services such as cloud computing in conjunction with a continual rise in phishing attacks and attempted breaches of critical infrastructure will create a perfect storm of cyber risks. Hopefully organizations bring an umbrella.
In fact, in 2016, organizations might need a raincoat and an umbrella. Electronics IDs and other forms of two-factor authentication will be absolutely necessary for organizations to guard themselves from the impending storm of cyberthreats.
The mobile-first mindset will create new vulnerabilities
Enterprise mobility has gone from an idea, to a buzzword to an office mainstay. Almost anything that can be done on a traditional desktop or laptop can now be done on the go with multi-functional mobile devices. Thus, it only makes sense that as more employees opt to work remotely, and the pace at business-related communication accelerates, smartphones and tablets would represent a huge value proposition to businesses of all sizes. However, mobile devices are easily lost, and the inclusion of bring-your-own-device policies creates new vulnerabilities within company networks.
One way to bolster security in the age of enterprise mobility is to turn smartphones into multi-factor authentication tools. An ESG report notes that in 2013, 43 percent of companies
were already using multi-factor authentication to bolster workplace security. Three years later, any company that has not begun leveraging two-factor authentication is behind the curve. Businesses that want to get ahead of it, and more importantly, stay one step ahead of hackers and fraudsters, should explore using smartphones - either corporate-provided or BYOD - as authentication tokens.
"Lost mobile devices don't have to pose a threat to businesses."
This achieves two things. Firstly, it enhances network security by creating a new layer of authentication. Secondly, it improves mobile device management
for enterprises by helping to verify the identities of mobile device users within the office. In the not-too-distant future, it is possible wearable technology, including smartwatches and fitness trackers, will also need to be imbued with this level of authentication. With the additional incorporation of soft tokens that leverage single-use login data, lost mobile devices don't have to pose a threat to businesses.
Alternatively, mobile devices can be integrated with biometric verification. Fingerprints and retinas are some of the hardest authentication criteria to fake.
Hackers are in the what?
Some of the most serious breaches of 2015 were against government agencies and health care organizations. The Office of Personnel Management breach exposed records of as many as 21.5 million people
. The Anthem Blue Cross breach compromised personal information of another 80 million
. These breaches sunk into the national consciousness in a big way, receiving comprehensive coverage because of the scale of the beach, and the high-value nature of the targets. The fact that they happened at all is reason enough for organizations and agencies in both sectors to adopt stringent authentication standards - that is, if they have not already done so.
However, even hacks of government agencies and health care organizations pale in comparison to some of the new potential targets - and no, it's not the mainframe. According to a study think tank Chatham House released earlier this year, nuclear facilities are at growing risk
of falling prey to cyberattacks.
That's not all. Hackers are also in the electric grid - or at least they're trying to be. In 2014, the U.S. energy grid was attacked 79 times
, according to CNN. While it will certainly take a lot more than eIDs to protect the electric grid, ironclad authentication processes will be an absolute necessity for any company network that can be somehow be leveraged. The consequences of a breach can be incredibly damaging to a variety of industries, and can even result in threats to national security.
The cyberthreats of 2016 are nothing to scoff at. While eIDs have been widely adopted by organizations, it's time to improve upon their efficacy by incorporating two-factor authentication and other more advanced identity verification tools. A lot depends on it.