Keeping your startup secure in the ‘Age of the Hack’
What do Target, Sony, Anthem and Neiman Marcus have in common? They all suffered major, headline-grabbing data breaches where millions of confidential employee records, credit cards data, and customer medical health records were stolen by hackers. With the breaches came significant financial, legal and reputational consequences.
Startups especially need to be proactive when dealing with security. Systems must be constantly monitored and contextual cues must be used to verify the identity of the user. It’s no longer enough to just check username and password at the door. If you aren’t taking your security seriously by now, you’re going to have a serious problem.
Knowing ‘who is who and who has access to what’ has never been a straight-forward objective for IT departments, and this pain has compounded over time. The number of threats and threat vectors have increased. We’ve witnessed the rise of the firewall, intrusion prevention systems, endpoint protection, data leak prevention, sandboxing, deception detection, event management and more. This is why startups need to wake up and recognize that they must be even more vigilant than the largest organizations, which already have security stacks so high, they’re on the verge of collapsing in on themselves like a black hole. Take, for example, the recent security breaches at Internet startups Slack, Twitch, Tinder, and Kickstarter. As their user bases and popularity grew, so did the target on their backs.
It pays to be a pessimist when it comes to online security and consumer privacy. And until organizations of all sizes get it together, it’s going to get worse before it gets better.
Take compromised user credentials such as stolen passwords as an example. This is one of the most common cyber attack strategies. And yet, the identity management technology exists to prevent these attacks from being successful, if implemented correctly. Unfortunately, the foundation of identity management is broken at many organizations. As the volume of these types of threats increases globally, it will be imperative that identity management along with other security technologies such as perimeter security work together to handle real-time discovery of an attack in order to lock down access when an attack is underway.
Identity management is a critical component of any security strategy. This is the technology that determines who’s who and who has access to what. Identity management has the ability to provide context clues, used to decide whether to give access to a user or device, as well as how much access. If a user has entered correct credentials (username/password) but suspicious behavior is detected, such as an unusual IP address or a login attempt at an atypical time of day, additional security precautions like requiring a verification question or texting a code to a user’s mobile device can be invoked, before access is permitted. This is simple but powerful stuff that most organizations just aren’t using.
If there’s just one thing I can leave you with, it’s that passwords alone are no longer sufficient for keeping the bad guys out. It’s become comedy. Just go to your favorite news engine and type in “worst passwords,” and you’ll get a sense of what I’m talking about. But if you invest in the latest identity management technology, you’ll be in a better position to identify and mitigate the new types of attacks that have already plagued so many of the world’s most recognized brands.