Can Multi-Factor Authentication Prevent a Data Breach?

Over 40 million customer credit cards and 70 million data files were lost in the Target customer data breach, but the question remains: could multi-factor authentication have prevented the attack?

Brian Krebs, on his Krebs on Security blog, pointed out that sources have confirmed that the data breach happened because of stolen login details from a third-party contractor working on internal HVAC systems for the organization.

Third-party contractors play a bigger role in enterprise organizations as they grow in size and complexity. In order to properly maintain all of the necessary systems, organizations often turn to outside contractors to help maintain, update, patch, and troubleshoot their complex network of systems and resources.

More than Strong Passwords, Enterprises Need Strong Systems

Outside vendors often require the ability to remotely log into an organization’s systems to perform routine hardware or software work. To save time on required training or money from extra head count, organizations use temporary contractors or turn to third parties to help manage the growing demands of complex system maintenance.

Some may say that organizations should limit the access of third parties into enterprise systems, but that may not always be a viable solution for enterprise system management.

Others may suggest more complex password requirements. However, a strong password policy doesn’t need to be the only line of defense for your systems and network. Adding multiple layers of security creates extra protection for users and resources in the event of a data breach.

Multi-Factor Means Multi-Layers of Data Security

Could multi-factor authentication have prevented the Target data breach? With the growing number of news headlines related to stolen credentials, it’s critical that organizations do more to mitigate the threat of stolen user credentials.

Enterprises expect a growth of nearly 30% in systems requiring digital certificates. This means greater reliance on systems or processes to manage these resources.

Multi-factor authentication adds an extra layer of protection that could stop scammers even if they were able to steal valid user credentials. Adding a second layer, such as an IP address restriction, a one-time password token, or a client certificate, could have been enough to prevent unauthorized access to internal critical systems and is often an effective deterrent to enterprise password theft.
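The layered check described above, as an added example that is not from the original article or from DigiCert: a login succeeds only when the password and the required second layer (IP restriction, one-time password, or client certificate) both check out. The network range, TOTP secret, certificate bytes, and function names are constructed for illustration; the one-time password follows RFC 6238.

```python
import hashlib, hmac, ipaddress, struct, time

# Constructed sample values for the demo (assumptions, not from the article).
VENDOR_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # RFC 5737 documentation range
TOTP_SECRET = b"constructed-demo-secret"
VENDOR_CERT_DER = b"constructed stand-in for the vendor's client certificate"
PINNED_CERT_SHA256 = hashlib.sha256(VENDOR_CERT_DER).hexdigest()

def totp(secret, at, step=30, digits=6):
    """RFC 6238 time-based one-time password using HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def passed_layers(src_ip, otp=None, cert_der=None, now=None):
    """Return the set of second layers this login attempt satisfies."""
    now = time.time() if now is None else now
    passed = set()
    if any(ipaddress.ip_address(src_ip) in net for net in VENDOR_NETS):
        passed.add("ip")
    # Accept the current and the previous time step to tolerate clock drift.
    if otp and any(hmac.compare_digest(otp, totp(TOTP_SECRET, now - d)) for d in (0, 30)):
        passed.add("otp")
    if cert_der and hmac.compare_digest(
            hashlib.sha256(cert_der).hexdigest(), PINNED_CERT_SHA256):
        passed.add("cert")
    return passed

def allow_login(password_ok, required, **attempt):
    """Grant access only if the password AND every required layer check out."""
    return password_ok and set(required) <= passed_layers(**attempt)

if __name__ == "__main__":
    t = 1_700_000_000  # fixed timestamp so the demo is reproducible
    # Valid password replayed from an unknown address, with no token or certificate.
    print(allow_login(True, {"otp"}, src_ip="198.51.100.7", now=t))
    # Same password, presented together with the current one-time password.
    print(allow_login(True, {"otp"}, src_ip="198.51.100.7",
                      otp=totp(TOTP_SECRET, t), now=t))
```
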

DigiCert Managed PKI enables enterprise users to add multiple levels of access authentication in their certificate management systems.

Better Identity Authentication

It’s easy to find cheap SSL Certificates. And even though you can get them for as low as $5, cheap SSL Certificates come at a cost to enterprise data security. Cheap SSL Certificates give encryption, but remove the identity verification step that enterprise Certificate Authorities perform to ensure that a certificate requester really is who they claim to be.

Trusted enterprise SSL Certificates should never be processed with automated systems, and they should always include human review for security and identity verification. As organizations see their digital certificate needs grow and require more client certificates for their enterprise users, it’s key that they use systems that perform authentication in addition to enabling encryption.

For enhanced data security, administrators must ensure that their organizations:

  • Use best practices for password creation and password management
  • Use an effective separation of duties for any system-critical actions or sensitive data security actions
  • Enable multiple levels of authentication to access system resources to ensure that only the right person interacts with secure systems
  • Monitor the existing system’s security for SSL encryption and security vulnerabilities

Organizations large and small could be a target for data thieves. System intrusion isn’t even about financial gain anymore; hackers today will target organizations simply because they can. Exposing internal resources or sensitive user information can lead to a serious hit to brand reputation. With the number of resources available and the ease of implementation, there’s no reason why enterprise administrators shouldn’t implement alternative methods of authentication.