2014 - Gemalto Study

As you are reading this post, several thousand data records will have been stolen. A recent study published by Gemalto shows that almost a billion data records were lost in 2014 as a result of 1,352 major data breach incidents that occurred around the world, with the majority taking place in North America. This represents a 49% increase over the previous year, and a 78% increase in the number of data records.

The most recent incident at Anthem, the American health insurance provider, shows that 80 million data records (which is about 8% of all data lost in 2014) were lost in a “sophisticated attack” that was possible because one single password was stolen. Instead of recognizing that the password mechanism itself is the weakest link in their security infrastructure, Anthem responded by deploying a well-known strategy that will do absolutely nothing to prevent such an attack from happening again: they reset the passwords of all employees and blocked all access that involves only one password. Yes, a sound user access and password policy is necessary, but something has to be done to make sure a new password is not going to be stolen and misused in the future.

If Tricerion SafeLogin had been used at Anthem, there would have been no stolen passwords and the data breach could have been prevented, since image-based passwords inherently prevent easy sharing. There is no need to deploy hardware-based authentication systems (with their hardware cost and vulnerabilities, such as the recent hacking of Gemalto’s PKI infrastructure through phishing), since software-based mutual authentication mechanisms have the greatest advantage: they are easy to deploy, which enables the removal of password-only points of entry.