Authentication is the first line of defense for every government, corporation, and individual. As today’s world depends on ones and zeros for its every need, cybersecurity safeguards the priceless information stored on networks and servers against bad actors, and maintains promises of data confidentiality, integrity, and availability. In essence, an organization’s credibility is only as good as its last cybersecurity check.
It’s not just on principle either. From 2021 to 2023, there was a 72% increase in cybersecurity breaches, making these the least data-secure years in all of history. Subpar cybersecurity has become more expensive, with each breach that reaches a targeted organization’s radar costing a global average of $4.9 million. A study of 28 large breaches found that they negatively impacted those companies’ long-term stock valuations by 3.7% as investors lost confidence in their security practices. Concurrently, two-thirds of US customers report that they would sever ties with companies following a breach.
In addition to the lost business, an average of $1.24 million is spent on both detecting the breach and handling its fallout, which includes investigations, audits, crisis management, and communications like notifying breach victims. Then, another $1.14 million is spent on post-breach attempts to patch and rectify the leak, including discounts, legal expenses, and regulatory fines due to insufficient data protection. And hackers are only becoming bolder. As only 0.05% of cybercrime entities are identified and prosecuted, there is little opportunity to prevent their perpetration through deterrence.
With the material costs of cybersecurity breaches growing every year, stricter and more robust data protection should become increasingly relevant to any organization’s day-to-day operations.
What is overlooked is that 68% of breaches are caused by human factors, such as falling victim to phishing attacks or security errors like insecure passwords. As security systems become more complex, organizations can suffer from ‘cyber fatigue.’ Defined by Cisco as “virtually giving up on proactively defending against malicious actors,” cyber fatigue only increases the likelihood of subsequent attacks.
“Today’s cybersecurity solutions often focus on securing what is behind the firewall, while unintentionally ignoring what’s in front of the firewall – user login authentication. In other words, the company’s ‘Virtual Front Door’ is unlocked and wide open for hackers to enter. An organization’s first line of cybersecurity defense is to lock the Virtual Front Door, keeping hackers out, allowing employees to be more productive, and ultimately keeping your business profitable,” says Dovell Bonnett, founder of Access Smart, a technology and cybersecurity company that specializes in authentication technology.
Looking closely at these concerns, any potential solution is only as feasible as its implementation. Rather than tweaking password length, how often passwords are changed, or the number of special characters, security is a matter of infrastructure. Without infrastructure, passwords can be as secure as possible and still fail at data protection.
The weakest link in cybersecurity is employee-managed passwords. When employees find cybersecurity cumbersome, they find workarounds. “The security pundits will trade convenience for security, insisting on onerous password requirements. My position is, why can’t you have both security and convenience?” states Bonnett.
True MFA depends on combining multiple dissimilar factors (something you know, something you have, something you are) to verify the identity of a user. A common misconception is that two-step verification counts as MFA. For example, if the first factor is something you know (e.g., a password), and the second factor is also something you know (e.g., a text message sent to your phone), that is not true Multi-Factor Authentication. That is two-step verification. To achieve true MFA, you must use dissimilar factors, such as an ID badge plus a PIN.
Instead of increasing the burden on every individual in an organization and making each user a potential point of failure, there is a much simpler, cheaper, and more effective solution. By redirecting password management away from employees, IT can now take control of network security, utilizing existing employee access control badges. The same technology that gets employees through the physical front door can also get them through the ‘Virtual Front Door.’
When users verify their identity using their ID badge and MFA, all the other security verifications can now be handled by specialized software. “Passwords are a secure method of authentication. It’s how they have been managed that is not secure. Don’t believe the hype to ‘kill passwords.’ Instead, kill employee-managed passwords,” explains Dovell. According to a Microsoft report, 99.9% of data breaches can be prevented by combining password management with MFA.
Logging in to company computers or using company networks can be as easy as presenting your ID badge to a reader. The badge activates software that generates secure usernames and passwords automatically. Now you can create passwords that are hundreds of characters long, without the need to remember or type them, making them almost impossible to brute-force.
Combining true MFA, password management, and centralized IT control brings additional benefits. It eliminates the time and productivity lost in employee-managed systems and forgotten password resets, provides employees with fast and user-friendly access to all company accounts, and strictly adheres to industry and governmental standards of compliance to reduce liability.
Access Smart was founded in response to the growing threat of cybercrime in an increasingly digital world. Their software, called Power LogOn, enables IT teams to protect sensitive data, taking the ‘Virtual Front Door’ key out of the hands of employees. Power LogOn has been utilized by government agencies, defense systems, cloud platforms, and private institutions. As Dovell notes, “All the amazing backend security a company can implement no longer matters when an employee’s password is stolen. Any company that allows employees to manage their own passwords has relegated IT security to their weakest link.”
VentureBeat newsroom and editorial staff were not involved in the creation of this content.