Tuesday, January 26, 2021
Corporate Compliance Insights

Passwords: A 2,400-Year History of Unreliability

Security Finally Evolves as the User Becomes the Password

by David Harding
August 2, 2019
in Data Privacy, Featured

With over 80 percent of data breaches resulting from compromised passwords, biometric authentication systems emerge as a solution to avoid multimillion-dollar losses, hefty fines and burdensome management of multiple complex passwords. ImageWare’s David Harding discusses.

Passwords don’t work anymore; in fact, they never have. The first record of a password being used was in 413 BC. The Greek army used memorized secrets for identity confirmation and access to private information; however, this initiative failed. The compromised passwords were one of the reasons the Greeks were slaughtered at the Battle of Syracuse. Over 2,000 years later, humankind still uses the same flawed technique to protect itself.

The biggest misconception with data security is the notion of how hacks happen. We have a Hollywood-driven idea that hackers are extremely computer-savvy individuals in dark rooms using state-of-the-art technology to access information by penetrating through firewalls and other cybersecurity defenses. The actual process is much simpler: All an attacker needs to do is compromise a password. It could be anything from a sticky note with the password written down, a data breach at another company exposing previously used login credentials, passwords being shared by multiple users, and so on.

According to the 2017 Verizon Data Breach Investigations Report, over 81 percent of data breaches resulted from stolen or compromised passwords. So, why hasn’t this ancient practice evolved to a more secure, unbreachable method? Well, now it has.

Biometric identity authentication is the evolution away from passwords. The process relies on analyzing unique biometric data to identify and authenticate the user. This solution is far superior to passwords, as the user does not need to remember or protect a unique set of characters and numbers; the user is the password.

Companies are embracing biometric authentication systems for two main reasons:

Security

As stated previously, over 80 percent of breaches happen due to a compromised password, and these breaches are expensive. In 2018, the average cost for an organization that has suffered a data breach was $7.91 million. The loss column is not filled only with dollar signs; high-level jobs have been lost as well. Some noteworthy examples are former Target CEO, Gregg Steinhafel; former Sony Pictures CEO, Amy Pascal; and former Utah Department of Technology Services CIO, Stephen Fletcher – all were forced to resign after their systems were hacked. As illustrated, data breaches have evolved from being an IT problem to an executive boardroom discussion.

Convenience

The requirements for passwords have increased in an attempt to strengthen them. However, it is impossible to remember dozens of complex passwords that require upper- and lower-case characters, numbers, symbols, inspiring messages and hieroglyphs. Biometrics simplify this process tremendously by using a person’s very own traits as their password. Additionally, biometrics might be a corporation’s helping hand against strict legislation.

In the United States, very little legislation regulating cybersecurity and data breaches exists in comparison to Europe. GDPR’s new set of rules puts the burden of data and privacy protection on the companies collecting the data. Big companies are already being sued and potentially fined. Most recent cases include Marriott and British Airways, with potential fines of $123 million and $230 million respectively. In both cases, the penalties are due to poor handling of customers’ data.

In the U.S., the most notorious case has been Equifax’s data breach, which exposed extremely sensitive information of over 15 million people, including knowledge-based authentication questions (such as what street you grew up on or the name of your kindergarten teacher). One of the defenses hackers went through to complete this breach was, not surprisingly, an easy-to-guess password. Equifax’s data breach illustrates why biometrics have not been implemented more widely: Companies think they will never be the next victim. It is like texting and driving: we know the risks and hear of fatal crashes, but some still choose to do it. Since the pain has not been felt directly, the consequences seem foreign.

The additional expense of a biometric authentication system, coupled with the perceived complexity of deploying such a solution (many solutions are turnkey and implemented in a matter of minutes), might feel like too big of an investment since most companies believe breaches will never happen to them. However, with 49 percent of businesses suffering data breaches in 2016 and the potential of GDPR’s hefty fines, biometrics is moving from a nice-to-have system to an essential security pillar of every company.


Tags: data breach, information security

David Harding

David Harding is CTO at ImageWare Systems. An accomplished, international executive with more than 25 years of technology implementation and management experience, David is responsible for strategic design, technology infrastructure and core strategy from concept through delivery. Before joining ImageWare Systems in 2006, David held several CTO positions, with the most recent at IC Solutions, Inc., where he was responsible for all technology departments, including the management of software development, IT and quality assurance as well as their respective hardware, software and human budgets. He has also held CTO and executive management positions at several technology companies, such as Thirsty.com, Fulcrum Point Technologies, Inc., ProSoft and Access360, which is now part of IBM/Tivoli.

© 2019 Corporate Compliance Insights