We live in what is becoming an increasingly more digital world where our digital identities provide the necessary access to resources beyond our ancestor’s wildest imaginations, all at the click of a button. But that also comes with a price: namely that the ability to authenticate a digital identity is the only thing that separate unimaginable access or complete fraud. We’ve written before on the hundreds of millions of identities stolen, but it appears that the number has now surpassed one billion.
UIS Customs And Border Protection Breach
With all of the controversial discussions regarding the US border and need or not for a wall, it appears the real vulnerability was cyber. In this particular case, the good news is that the US Customs and Border Protection system wasn’t actually compromised, but the bad news is that one of their subcontractor’s was. According to a TechCrunch article titled “CBP says traveler photos and license plate images stolen in data breach”
“’Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,’ the statement read.
The agency first learned of the breach on May 31. A spokesperson for the agency later said the security incident affected ‘fewer than 100,000 people” through a “few specific lanes at a single land border’ over a period of a month and a half.
‘No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved,’ the spokesperson said.
The agency did not name the subcontractor.”
And the problem with digital identity theft just gets worse as even bugger breaches hit the news as well.
Evite Breach
Evite started in 1998 and became the preeminent online invitation company with the premise that “Life’s Better Together”. The good news is that they have helped tens of millions with their event invitations. The bad news is that all of that collected identity data in one location was just too attractive for cyber criminals to pass up. According to an International Business Times article titled “Evite Confirms Data Breach After Hacker Sells User Data On Dark Web”
“Evite confirmed that the breach occurred in February and involved cybercriminals accessing a file that contained user records dating back to 2013. The firm said that users’ names, usernames, email addresses, passwords, dates of birth, phone numbers and mailing addresses could have been “potentially affected” by the breach.”
It turns out that there were over 10,000,000 user records put up for sale from this Evite breach, but that is just a fraction of the billion stolen from just this one hacker. According to ZDNet:
“Back in April, the data of 10 million Evite users was put up for sale on a dark web marketplace for ฿0.2419 (~$1,900). The same hacker has breached, stolen, and put up for sale the details of over one billion users from many other companies, including other major online services, such as Canva, 500px, UnderArmor, ShareThis, GfyCat, Ge.tt, and others.”
We clearly need a way to protect individual applications and networks from now authenticating imposter users.
Cognitive Continuous Authentication
As you can see from the barrage of press, your login/password combinations have pretty much all have been stolen already. It is also fair to assume that any new login/password combination you create in the future will also be stolen, so a new strategy will need to be undertaken to ensure your digital identity authentication only validates you as you and not some other imposter.
Acceptto’s eGuardian engine continuously creates, and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.
Download the Enterprise Management Associates’ Ten Priorities For Identity Management in 2019 today and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy registering for a free demo today.
{{cta(‘414c81cd-310b-4024-be90-62c1f079e125′,’justifycenter’)}}
