Insightful &
Helpful Articles

Here is what we're working on and
thinking at Hedgehog security.

Experts say attacks on retailers like Neiman Marcus, Target and others will happen again if businesses don't change their online security systems.

More than 130 million customer accounts were compromised when online security systems failed in 2013. While Target and Neiman Marcus were the most high-profile of those illegal intrusions, they were far from the only businesses targeted. Adobe, LivingSocial and Snapchat also suffered breaches in 2013, along with many other businesses whose problems weren't publicised.

Andreas Baumhof, CTO of the San Francisco computer and network security firm ThreatMetrix, wrote in a recent article for The Business Journals that the problem with passwords is that once cyber-criminals have login details, they have access to personal data and identity information that can be used in a myriad of fraudulent ways. "Once an attacker apprehends a username and password, the possibilities for fraud are endless, especially if the same information is used across multiple accounts, such as retail, social media, and online banking accounts," Baumhof wrote. He said retailers and web businesses have shied away from two-factor authentication, which is available as an opt-in on sites such as LinkedIn, Twitter and Google, because they don't want to inconvenience users.

So how can businesses strike a balance in their security systems between caution and intrusion, and better protect their users in 2014? Baumhof outlines three steps businesses can take to fight password theft:
  • Integrate login and payment screening into a single view of each customer that determines risk levels across logins, devices, history and behaviour. He said most websites and companies have no automated link between their fraud and security operations for sharing risk profiles.
  • Share intelligence networks so that more accurate, up-to-date information is available to tell whether an online user is a customer or a cyber-criminal. Baumhof said shared networks can analyse a customer's history of logins, payments, new account registrations and remote access attempts. With that information a business can quickly ascertain whether a user's actions are suspicious.
  • Institute "context-based authentication". For instance, a system can "tag" a device and user that have previously authenticated successfully with two-factor authentication. When that user later logs in from the same machine, a simpler authentication process can be used; a login from an unrecognised device is stepped up to the full check.
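The device-tagging mechanism in the third step, as an added example that is not from the original article or from ThreatMetrix. The names and policy are assumptions: the client keeps a random device identifier in a long-lived cookie, the server holds an HMAC key, tags expire after 30 days, and each user record carries a trust_version counter that is bumped on password change or "sign out everywhere" so that every previously tagged device has to pass the second factor again. After password and second factor both succeed the server issues a signed, expiring token bound to that user and device; a later login that presents a valid token skips the second prompt, and anything else (different device, different user, tampered or expired token) steps up.

```python
"""Remembered-device ("device tagging") step-up authentication.

Added illustration, not ThreatMetrix code. Assumed names: device_id (random
value held in a client cookie), trust_version (per-user counter), and a
server-side HMAC key passed in as `key`.
"""
import base64
import hashlib
import hmac
import json
import time

TRUST_TTL_SECONDS = 30 * 24 * 3600  # assumed policy: a tag lasts 30 days


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_device_token(key, user_id, device_id, trust_version, now=None) -> str:
    """Tag the device. Call this only after password AND second factor succeeded."""
    now = int(time.time()) if now is None else now
    claims = {"uid": user_id, "did": device_id, "tv": trust_version,
              "iat": now, "exp": now + TRUST_TTL_SECONDS}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    return _b64(payload) + "." + _b64(_sign(key, payload))


def device_is_trusted(key, token, user_id, device_id, trust_version, now=None) -> bool:
    """True only if the tag is authentic, bound to this user and device,
    issued under the user's current trust_version, and not expired."""
    now = int(time.time()) if now is None else now
    if not token or "." not in token:
        return False
    try:
        payload_b64, sig_b64 = token.split(".", 1)
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except ValueError:            # covers binascii.Error from bad base64
        return False
    if not hmac.compare_digest(sig, _sign(key, payload)):  # constant-time
        return False
    claims = json.loads(payload)  # safe to parse: signature verified first
    return (claims.get("uid") == user_id and claims.get("did") == device_id
            and claims.get("tv") == trust_version and claims.get("exp", 0) > now)


def authenticate(key, users, user_id, password_ok, device_id, token,
                 second_factor_ok=None, now=None):
    """Step-up decision for one login attempt.

    second_factor_ok is None when the client has not yet presented a second
    factor. Returns (status, token_to_set) with status in
    {"denied", "need_2fa", "ok"}; token_to_set is a fresh tag to store in the
    device cookie, or None.
    """
    now = int(time.time()) if now is None else now
    if not password_ok:
        return "denied", None
    tv = users[user_id]["trust_version"]
    if device_is_trusted(key, token, user_id, device_id, tv, now):
        return "ok", None                      # remembered device: no second prompt
    if second_factor_ok is None:
        return "need_2fa", None                # unknown device: step up
    if not second_factor_ok:
        return "denied", None
    return "ok", issue_device_token(key, user_id, device_id, tv, now)


def revoke_all_devices(users, user_id):
    """Password change / sign-out-everywhere: every existing tag stops validating."""
    users[user_id]["trust_version"] += 1


if __name__ == "__main__":
    key = b"\x11" * 32                          # constructed key; use a random one
    users = {"alice": {"trust_version": 1}}    # constructed sample user
    t0 = 1_700_000_000
    print(authenticate(key, users, "alice", True, "dev1", None, None, t0))
    status, tag = authenticate(key, users, "alice", True, "dev1", None, True, t0)
    print(status, authenticate(key, users, "alice", True, "dev1", tag, None, t0 + 60))
```

Two caveats a practitioner should keep in mind. The tag travels with the cookie, so whoever steals the cookie inherits the skipped second factor; that is why the token carries an expiry and why trust_version gives the user a one-step way to revoke every tagged device. And the tag only says "this browser passed 2FA once", so the risk signals from the first two steps (velocity, history, shared intelligence) still belong in front of the "ok" branch rather than being replaced by it.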