Digital signature service company DocuSign announced a security breach last Monday: A database of customers' emails had been stolen and used in a phishing campaign. But was the latest in a seemingly endless series of data breaches and hacking attempts actually that big a deal? Tech.Co sought the advice of one leader in the security sector.
We Need a Change
Robert Block, SVP of Identity Strategy at the security company SecureAuth, had this to say about the data breach and the stolen email list:
“The DocuSign breach is yet another wakeup call for organizations to move beyond simple user name and password based credential security, where attackers share this information causing further damage. The way organizations are approaching authentication and securing credentials needs to be rethought for cyber security strategy & investment to have any shot at being successful.”
So What's in the Future?
Can we expect the problem to get worse? If we don't learn from our wakeup calls, nothing's going to change. Here's how Block suggests we push ahead:
“Even simple two-factor authentication is no longer enough to safeguard against today’s attacks. Pushing forward, organizations are realizing they need to adopt a fundamentally new approach to prevent the misuse of stolen credentials that doesn’t just add an extra step to users’ authentication process, but instead provides effective protection while providing a good user experience. Modern approaches such as adaptive access control techniques and identity based detection work invisibly to the user but work to protect, detect, and ultimately remediate attacks, essentially rendering stolen credentials useless.
“Once we focus on preventing misuse of, instead of securing, the credential, then we will see a reduction in compromised credentials resulting in data breaches.”
In the meantime? We would recommend any DocuSign customers update their passwords and ignore any suspicious email.