The costs of data breaches keep escalating, in terms of dollars and consumer trust.
It’s too early to assess the financial cost to Yahoo for the recently revealed breach of user names, passwords and other personal data. But I shudder when I think about the ripples the breach sent through a pool of an estimated 1 billion users who trusted Yahoo to keep their data secure, with consequences larger than just money.
The 2013 attack is only one of many types of attacks that data security professionals must guard against. Another type of hack on the rise is known as the account takeover attack (ATO). In this scenario, cybercriminals recruit armies of bots (often private computers infected with “zombie” malware) to hit websites with thousands of login attempts in short periods of time, in an attempt to guess user passwords. You can learn about one new technique to thwart these types of hacking attempts by watching the recording of a recent Gigya webinar that I hosted.
In the webinar, we introduce Gigya’s new Network Protected Identity (NPI) feature, the first in a suite of new services called Gigya Network Effects. These services complement Gigya’s outstanding package of Customer Identity Management Solutions.
NPI, free to Gigya’s Registration as a Service customers when it’s launched in early 2017, helps make sites and consumers safe by monitoring for ATO attacks across Gigya’s network of thousands of websites and 1.1 billion digital identities.
It protects against assaults by stepping up user authentication when account takeover attempts are detected.
Gigya clients can set thresholds for failed login attempts at the site level, then implement CAPTCHA tests or send one-time passwords to affected users — based on their account email or IP address — when those thresholds are crossed. Importantly, once a threshold is crossed on one site, stepped-up authentication will occur on any other site where login attempts from flagged email or IP addresses happen across Gigya’s network. This is easily configured from the Gigya dashboard.
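The threshold-and-propagation behavior described above can be modeled in a few lines. This is an added illustration, not Gigya's code or API: the class and method names, the 10-minute counting window, the one-hour flag lifetime and the sample sites and addresses are all assumptions.

```python
import time
from collections import defaultdict, deque

class NetworkStepUp:
    """Hypothetical model: per-site failure thresholds, network-wide flags."""

    def __init__(self, window_s=600, flag_ttl_s=3600):
        self.window_s = window_s            # assumed sliding window for counting failures
        self.flag_ttl_s = flag_ttl_s        # assumed lifetime of a flag
        self.thresholds = {}                # site -> failures allowed per key per window
        self.failures = defaultdict(deque)  # (site, key) -> failure timestamps
        self.flagged = {}                   # key -> expiry time, shared by every site

    def set_threshold(self, site, max_failures):
        self.thresholds[site] = max_failures

    @staticmethod
    def _keys(email, ip):
        # Track the account email and the source IP independently.
        return (("email", email.strip().lower()), ("ip", ip))

    def record_failure(self, site, email, ip, now=None):
        now = time.time() if now is None else now
        limit = self.thresholds.get(site)
        for key in self._keys(email, ip):
            q = self.failures[(site, key)]
            q.append(now)
            while q and q[0] <= now - self.window_s:
                q.popleft()                 # drop failures older than the window
            if limit is not None and len(q) > limit:
                self.flagged[key] = now + self.flag_ttl_s  # threshold crossed

    def requires_step_up(self, email, ip, now=None):
        # No site argument: a flag raised on one site applies on all of them.
        now = time.time() if now is None else now
        return any(self.flagged.get(k, 0) > now for k in self._keys(email, ip))

def demo():
    net = NetworkStepUp()
    net.set_threshold("shop.example", 3)
    # Constructed events: one IP fails logins for four accounts on shop.example.
    for i in range(4):
        net.record_failure("shop.example", f"user{i}@example.com",
                           "203.0.113.7", now=1000 + i)
    # A later login on any other site in the network, from the same IP and a new one.
    return (net.requires_step_up("alice@example.com", "203.0.113.7", now=1010),
            net.requires_step_up("alice@example.com", "198.51.100.2", now=1010))
```

When `requires_step_up` returns true, the calling site would present the CAPTCHA or one-time password challenge before accepting the login.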
Our own survey tells us that eight of 10 people use the same password for most sites. That makes a user identity easy to hack with bots that will run through thousands of password combinations in minutes. We can’t change user behavior, but we can help protect customers from these types of attacks.
Set aside 16 minutes to review the groundbreaking approach explained in our webinar and help prepare your defenses against the next assault on your databases . . . because you know it’s coming.
By Rashmi Vittal