Layered defenses against security breaches
Over the past year, analysts have been cautioning about the need for layered defenses against security breaches. And we’ve seen many serious breaches by hackers and fraudsters this year. In particular, analysts are calling for a risk-based approach that can ramp up security for more suspect situations, but that always provides several lines of defense against intrusions. We call that approach identity security.
We were recently interviewed by the Information Security Media Group about the future of identity security. The interview discussed how Equifax helps provide a high level of assurance to facilitate more secure remote access and allow government and enterprise shift more transactions to the web with high levels of confidence and trust.
Risk-based, multi-layered security starts with knowing who your users really are. Beyond that, ID access management and authentication systems should also be risk-based. Ideally, risk analysis of suspicious transactions, policy violations, or out-of-normal behavior should trigger varying, progressively more complex authentication challenges. These security authentication parameters should then be customized in real-time so that your organization can present authentication challenges based upon the latest threat assessment. For example, challenges to users based on logins from a particular region or country, login frequency, changes in their ISP, machine characteristics, or other criteria.
If you have additional questions about ensuring the identities of your users or about the security of your data, please contact us.
Recommended For You
Hackers. They steal and sell data, especially at the point of sale and during customer acquisition periods. No customer wants […]
The growth of identity fraud shows few signs of slowing and technology has enabled easier access to consumer data that […]
Fraudsters are a smart group. With each fraud prevention method that’s introduced, they figure out ways to work around it. […]
On February 9, 2016, the President implemented the Cybersecurity National Action Plan (CNAP) designed “to enhance cybersecurity awareness and protections, protect […]