ID thieves targeting SMBs, 2FA could be the solution
By Lukas Raska August 19, 2014
- SMBs offer easier way to access a larger pool of vendors, partners and customers
- For many SMBs, 2FA is a scalable and cost-effective option to protect themselves
PERSONAL data is an extremely valuable commodity for cybercriminals. This new underworld currency can be used for a host of malicious activities, which, as a recent study from Javelin Strategy and Research highlights, is driving the growth of identity theft, now a multibillion-dollar industry.
Recent cases such as the SingPass breach, in which 1,500 user accounts were compromised, remind us that personal data and identity theft is a global issue to which small and medium businesses (SMBs) in Asia Pacific are not immune.
SMBs are low-hanging fruit
Recent research from Verizon has revealed that two-thirds (67%) of breaches investigated occurred in smaller organisations (fewer than 100 employees) which were often small, independent franchises of larger firms.
There is no doubt that the number of targeted attacks against SMBs is growing, and there are a few reasons for this.
SMBs generally have smaller budgets to allocate towards cybersecurity, making them a lot easier to penetrate for today’s sophisticated and often well-funded attacker.
Next, unlike larger firms, SMBs are also less likely to have hired personnel whose key role is to protect that data. SMB websites are also often less secure, making them an easy access point for cybercriminals.
The biggest misconception is that hackers have a lot less to gain from hacking small businesses. However, in many cases, SMBs are in fact low-hanging fruit, offering an easier and quicker way to access a much larger pool of vendors, partners, customers and more.
Two-factor authentication, also known as 2FA, is a dual-step verification process that requires users to input not only a password and username (something known), but also a one-time code from devices such as mobile phones or secure tokens (something owned).
While a strong password may go some way in resisting brute-force attacks, one-time passwords are randomly generated by a 2FA system and cannot be predicted or reused, effectively adding another layer of protection during login.
Hence, given the limitations of password-only systems, 2FA is presently the ideal option for SMBs to reduce the risk of having their data stolen without the need to break the bank.
For many SMBs, 2FA is a scalable and cost-effective option to protect themselves and their customers from identity and data theft.
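The two-step check described above, as an added example (not code from the article or from ESET): it assumes time-based one-time codes per RFC 6238, which the article does not name, and the `Account` and `login` names are hypothetical. It shows that a code stays single-use because the verifier records the last time step it accepted.

```python
import hashlib, hmac, struct, time

STEP, DIGITS = 30, 6  # RFC 6238 defaults: 30-second steps, 6-digit codes

def totp(secret: bytes, counter: int) -> str:
    """One-time code for a time-step counter (RFC 4226 truncation, HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash so the stored value is not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Account:  # hypothetical server-side record for one user
    def __init__(self, password: str, salt: bytes, otp_secret: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.otp_secret = otp_secret   # shared with the user's phone or token
        self.last_counter = -1         # highest time step already accepted

def login(acct: Account, password: str, code: str, now=None, window=1) -> bool:
    """True only if the password matches AND the code is valid and unused."""
    now = time.time() if now is None else now
    # Factor 1: something known.
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
        return False
    # Factor 2: something owned. Accept +/- `window` steps of clock drift.
    current = int(now) // STEP
    for counter in range(current - window, current + window + 1):
        if counter <= acct.last_counter:
            continue  # this step was already consumed: reject replays
        if hmac.compare_digest(totp(acct.otp_secret, counter).encode(),
                               code.encode()):
            acct.last_counter = counter
            return True
    return False

if __name__ == "__main__":
    # Constructed sample account; the secret is the RFC 4226 test key.
    acct = Account("correct horse", b"constructed-salt", b"12345678901234567890")
    print(login(acct, "correct horse", "287082", now=59))  # first use of the code
    print(login(acct, "correct horse", "287082", now=59))  # same code replayed
```

A stolen password alone fails the second check, and a code captured during one login is rejected if it is submitted again.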
Beyond 2FA: What SMBs need to do
While 2FA offers additional security over password-only systems, there is currently no ‘magic bullet’ against attacks.
Instead, SMBs should exercise additional precautions in combination with 2FA in order to minimise the likelihood of a data breach, including:
- Making sure employees, partners and vendors, who are an organisation’s front line in security, are aware of the relevant protocols in keeping their network secure, including the responsible use of social media and enterprise applications;
- Installing an effective endpoint security system that includes antivirus and anti-spyware software and a robust endpoint encryption solution that scrambles USB and optical media, emails, attachments and laptop hard drives;
- Empowering a member of staff to take charge of data protection as part of their role; and
- Ensuring that all security software is up to date.
Cybercrime has evolved greatly over the last 30 years. It started with viruses and evolved to hacking and malware.
Today, identity theft is one of the most damaging threats to businesses in the region. All it takes is a single breach to bring an entire business to its knees and cause a huge inconvenience for those who have trusted businesses to keep their data safe.
As such, 2FA remains one of the most cost-effective options for SMBs and other businesses to protect against the loss of critical personal data that can lead to identity theft.
The real cost of each breach is immeasurable, especially when there is loss of intellectual property, damage to the brand or disruption to the business.
It is also critical for businesses to make sure they have the correct organisational structures and protocols in place to further enhance security levels, no matter the size of their organisation.
Lukas Raska is Asia Pacific chief operating officer of ESET who specialises in change management and strategy. ESET is a Bratislava-based global provider of proactive security solutions for businesses and consumers.