Intelligent CISO Issue 13 - Page 45

industry unlocked Don’t underestimate effective authentication With threats showing no signs of slowing, a wealth of new technologies have been introduced to the financial sector, including the likes of AI, Machine Learning and biometrics. But even those organisations with the newest ground-breaking technology in place can be compromised by something as simple as a weak password. Getting the basics right with authentication and password policies is therefore crucial to safeguarding enterprise data and should really be considered a basic staple of security hygiene. As such, password management should be a top priority. This should include education for all staff on safe password practices, how to create a strong password and the importance of using unique credentials across all accounts. Because memorising complex passwords for multiple accounts is www.intelligentciso.com | Issue 13 Banks simply cannot afford to make assumptions about the effectiveness of their technological defences. practically impossible, organisations should consider implementing solutions that take the burden off staff. By using a password management tool, all the work is done for you and password data remains secure. Multi-factor authentication (MFA) is one of the most effective ways to add another layer of security to password protected accounts, because the hacker will be required to provide an additional factor (a one-time code generated by a hardware token, fingerprint, etc.), even if they do obtain the password. The Timehop breach, which affected nearly its entire customer base of 21 million users, occurred because the company hadn’t protected access to its cloud network with MFA. While the risks of skipping this step are clear, a recent report found that only 16% of banking/financial institutions had adopted MFA, compared to 31% of technology businesses. Financial institutions can also seriously benefit from leveraging advanced offensive security, such as penetration testing and ‘red team’ exercises to improve visibility and security awareness across the organisation. Red team testing comprehensively exposes physical, hardware, software and human vulnerabilities before they become entry points for hackers or provide 45