Access Breaches: Recent Data Breach Reports
Lately, reports have surfaced that Microsoft and identity management platform Okta suffered breaches involving Lapsus$, a new cybercrime group that specializes in stealing data from big companies. This hacker group is known to use brazen tactics like phone-based social engineering, SIM card swapping for takeovers, bribing employees to give them passwords, and intruding on the ongoing crisis-communication calls of their targets. In this case, both companies reported that no customer code or data was stolen, but that a single account had been compromised, granting limited access.
What happened to both Microsoft and Okta could have happened, and could still happen, to any organization. The fact that Okta is a single sign-on provider drew a lot of attention, but every organization is at risk from this type of breach. The attack illustrates one of the fundamental weaknesses of traditional passwords and of one-time passwords that are text- or numeric-based: they can be easily shared between a compromised or colluding employee and the hacker.
Zero Trust, MFA, Voice Biometrics
This is where a zero-trust environment using MFA security practices with voice biometrics could have helped. A key tenet of zero trust is that the subject (user) and the asset (laptop) must be validated before access can be granted to the resource (company data). Common MFA practices trust the identity of a user logging in based upon what they know (username and password) and what they have (registered device). As we know, these alone are not enough in the face of security vulnerabilities such as hacked passwords, collusion, SIM swapping, and phishing. Even with 2FA security precautions, you are not out of the woods yet.
To combat these vulnerabilities, one method that stops hackers and access breaches at the gate, even if they have your information and device, is biometric authentication, specifically voice biometrics, which allows you to use your voice as a password. It is uniquely personal, and cannot be duplicated, copied, or reused in any form. Voice is a mathematically superior and unique human identifier for authenticating identity.
Adding voice biometric authentication to your MFA/2FA security practices is particularly powerful because it enables an identity assurance layer, and that makes it much more difficult for hackers to get past it, irrespective of whether they colluded with employees or outsourced workers. The only way to assert identity is with biometrics, and the only biometric that is inherently two-dimensional is voice biometrics – it’s not just one’s voice but also what that voice is speaking. For example, with voice biometrics implemented, it has to be the legitimate voice of the user speaking an OTP.
This massively increases the mathematical probability of identifying both the legitimate user (stopping false negatives) and, most importantly, a hacker/fraudster (stopping false positives). Furthermore, the voice of the hacker is captured at the time of the attack and can be placed on a watchlist as part of a comprehensive fraud intelligence/prevention strategy. We therefore recommend that voice biometrics be implemented as part of any comprehensive security strategy – it is the next-generation security layer that takes MFA to the next level.
At ValidSoft, we are focused on making voice the ‘alpha authentication’ factor: the most secure and trusted way to assure identity. Our technology delivers identity assurance that is easy to deploy, yet enormously secure. Our proprietary algorithms give us the leading edge in detecting replay attacks and synthetic speech (deep fakes). We understand the value of your customers and take the protection of their data seriously. We are integrated with industry-known MFA business solutions.
If you would like to see ValidSoft’s biometric solution in action, request a demo.