Data security is not simply a matter of encryption, secure networks, long passwords and firewalls. Often, insider negligence or malicious conduct is the leading cause of data breaches. Increasingly, biometrics are seen as the future of data security.
Passwords aren't much more than abc123
The most sophisticated encrypted network isn't very secure if a person can simply walk into the server room and stick a USB into one of the slots. Additionally, while passwords and randomly generated keys seem like strong protective measures, the truth is that they are still highly susceptible to hacking. Government Technology pointed out that addressing password security is high on the White House's to do list. Michael Daniel, cybersecurity coordinator for the president, recently expressed his views on password security at an international conference.
"Kill the password dead as a primary security measure," said Daniel, according to the news source.
"A fingerprint is much harder to steal or replicate than a password."
Today, passwords are used to secure bank accounts, server rooms and even accounts on Netflix, but experts argue there is a better way. Sadly, however, according to the news source, many business have not yet invested in technology that could lessen their security vulnerability. David Kane, CEO of Ethical Intruder told Government Technology mentioned that stealing passwords is not necessarily complicated, but the theft can be difficult to trace.
"The beauty of the password hack is, it's not elegant," said Kane. "But if I get the password of the CEO, people will never know that I hacked into the system."
This is why organizations should look into biometric security solutions. A fingerprint, for example, is much harder to steal or replicate than a password. Companies can use fingerprint scanners to control access to certain data and ensure protection from malicious hackers or negligent insiders. Biometric scans offer the dual function of serving both compliance and security.
The government and Apple are both fans of biometric technology
GCN Magazine reported that The Department of Homeland Security is big on biometric identity management. The DHS is not only looking for better ways to store and analyze biometric data, it is also investing in off-the-shelf solutions capable of business process management, transaction authentication and analytics capability. The agency is looking to replace its current tools with a DHS-wide system that will include, among other things, identification, verification and search. While the system uses all three methods of biometric identification: fingerprint, iris and facial, fingerprint remains the primary method. The high level of endorsement for biometric technology by the agency speaks to its sophistication.
According to SearchCloudSecurity, Apple may soon be expanding its use of biometric technology as well. Apple's Touch ID biometric verification system was introduced in 2013 with the iPhone 5s, allowing users to make purchases in iTunes and verify the transactions with a fingerprint scan. Up until now, the biometric data was stored on the phones, but that may change. If Apple expands the use of Touch ID to the cloud, users will be able to make payments with secondary devices, as well as through NFC or Bluetooth. The actual fingerprint scans would be secure, instead using "enrollment fingerprint data" to verify payments.
Data breaches are no joke
Business Insider reported that the cost of data breaches is rising. According to a study by Ponemon Institute, the average cost of a data breach is now $3.8 million, up from $3.5 million in 2014. The Ponemon Institute also found that the leading cause of data security breaches is non-malicious employee error, accounting for approximately 39 percent of instances. The institute explained that these beaches are typically due to negligence, complacency, or inadequate access controls to confidential data. Larry Ponemon explained that many companies are not aware of the reality on the ground.
"The rise in identity theft and cybercrime has made data security a top-of-mind issue for many Americans as well as corporations," said Ponemon. "Companies spend considerable resources to combat outsiders, and the data suggests they are successful. However, companies have begun to realize that to protect customer trust, company brand and competitive secrets, they must now focus on the threat within."
An MIT panel recently cited lack of spending as the main reason companies are susceptible to breaches, according to CRN. Christopher Hart, an associate at Foley Hoag data privacy and cybersecurity expert, commented that despite efforts to educate companies, they still reach for cheaper options over the best strategies in the market. Biometric identity management offers companies a way out of the compliance and security trap, but they will have to find their own way or face the consequences.