The viruses of people and machines

Cyber security matters more than ever during the pandemic – because online attackers are not resting on their laurels for the occasion.

The cybercrime in the EU has increased due to the coronavirus outbreak – the president of the European Commission, Ursula von der Leyen, has warned recently. According to a Reuters report, WHO is facing a “more than two-fold increase” in cyberattacks amid its efforts to organize a worldwide response to the coronavirus pandemic. As a vast majority of employees have shifted to remote work, multiple hacking attacks have demonstrated the vulnerability of organizations.

2FA to the rescue

One way to improve the business security is to set a two-factor authentication method (2FA). Using only a strong password is not enough – over the past decade we have witnessed cases of credential leakages and data breaches with decent passwords in place. An additional step of identity verification adds an extra security layer for your protection.  There are many different varieties of two-factor authentication possibilities based on SMS verification codes, one-time codes, biometrics, or authenticator apps.   

But the best 2FAs are hardware tokens, based on a digital signature. A special USB key serves as a second factor and can be used for identity confirmation, document authorization and transaction verification. It is one of the most secure options available – as long as the USB key is not lost, stolen or manipulated on by someone. Alas, human is still the weakest link in the security chain.

Pushing the button

When employees leave hardware tokens plugged in to their computers during their work hours, and even when they leave the office, hardware tokens become the entry point for hackers to access company’s internal systems. Especially in the current situation when people may not be cautious enough due to stress, mistakes are being made that would not have been made otherwise.

For that reason, Comarch has brought an additional protection feature to its USB tokens – a physical button built into the device that requires users to press it to initiate the authentication or authorization process. It is important that the entire operation must be additionally confirmed by a PIN number. This feature protects users against remote attacks, ensuring that no third parties intervene without the user knowledge, even if the token is left in a computer. 

Not an ideal thing

There are three problems with two-factor services. First, is there are too many of them – it is hard for companies to evaluate all of them and choose the right one.

Second, none of them is a 100% secure. Adding an extra layer of protection make things harder for hackers, but they will always find another angle of attack. Security can be improved by combining 2FA with monitoring solutions detecting malware, unusual biometric behaviors, geolocation and more.

Third, 2FA solutions are user-hostile. Every day employees are logging in to several systems, and not only does it require to remember several passwords, but also manage several second factors.   

Enter the Blockchain?

Currently, most of identity management systems rely on one-time password (OTP) and on 2FA – but the industry is likely to be disrupted in the future. We have all heard about Bitcoin – a cryptocurrency which enables people to make anonymous payments. Blockchain – a technology on which bitcoin runs – offers a viable alternative for authentication methods. The concept of blockchain identity management is advocated by many experts in the IT industry for all sectors of the economy. The possibility to authenticate yourself at company you work for, government offices, online voting, banks, airports, or hospitals using just one digital identity is very appealing.   

In the Blockchain approach, users register their identities using a key pair. The identity information provided contains hashes of several related attributes and is stored in a decentralized database. Thanks to this, it is possible to access many services using one digital identity, with a highest level of security, privacy and without revealing non-mandatory data.

 Good for GDPR

When an employee is connecting to company systems, only the employee’s name will be shared with the company. No sensitive data related to medical reports, bank accounts, or insurance policies will be revealed. This is very important for processing personal data as required by GDPR.  

Current circumstances show the importance of secure and private identification in every business sphere. Strong authentication solutions are no longer about data protection, but about company survival in times of crisis.

Artjoms Kascejevs, Business Development Manager