Companies these days are torn between their desire to find new technologies that facilitate communications and increase productivity, and their growing fears about security. “Cybersecurity shouldn’t interest just a few experts; it should be the whole world’s concern. That’s the challenge we face. We could easily keep this issue among ourselves, but it would be much more effective to open it up to everyone we want to protect,” said Guillaume Poupard, head of the French National Cybersecurity Agency (ANSSI), during the 2019 Assises de la Sécurité, an annual meeting of experts in cybersecurity.
In October 2019, Accenture published its 2019 State of Cyber Resilience study, which provides an overview of corporate IT security. While the number of cyberattacks decreased last year (from 232 in 2018 to 206 in 2019), the study shows that 40% of security incidents come from indirect attacks by cybercriminals targeting the IT systems of third parties, such as partners, sub-contractors, and service providers.
A growing cyberthreat
“These cyberattacks are directed against the ecosystems of partners, which are considered ‘hidden’. If we apply the same rate of security incidents to these new cyberrisks, we can estimate that the average number of cyberattacks that a company can be hit by is closer to 290 than 206 – an increase of 25% in a year,” the study’s authors explained.
To meet security requirements and ensure protection against a growing cyberthreat, companies need to pay close attention to the collaboration tools they choose. There is a wide range of tools available nowadays to facilitate and streamline communications within organizations. But not all of them offer the same level of security.
Focus on strong authentication
Secure access, integrity, traceability, and availability are some of the key features to bear in mind when choosing an online sharing solution. One particular pillar of security is strong authentication. A solution has to offer authentication other than a username and password to comply with a company security policy. Certificate-based or two-factor authentication can ensure that only the right person is granted access.
Strong authentication refers to an identification procedure integrated into several pieces of software. This IT security method strengthens the security of access to files stored on a platform. This method is especially recommended to guarantee the confidentiality of sensitive information.
Authentication systems in use
Standard authentication is based on a single authentication factor, typically a password. However, there are several types of attack that can crack a password, such as a brute-force attack, dictionary attack, phishing, listening to keyboard sounds, and network hacking. So, single-factor authentication does not offer much by way of guarantee.
Authentication is based on three separate factors:
- Something you know (password)
- Something you have (key, ID card, etc.)
- Something you are (fingerprint, iris, etc.)
Strong authentication is not just one, but a combination of at least two of these authentication factors.
Strong authentication: a double lock
To ensure confidential information is protected, strong authentication is the preferred method of choice – a process that requires two authentication factors to be passed. This double-lock system is more difficult to bypass by those with less than honorable intentions.
In most cases, authentication is carried out first by logging in with your password, and then by electronic certificate – also called a public key certificate. This certificate is a kind of digital ID card signed by a Trust Service Provider, which guarantees the integrity and confidentiality of the data through its signature.
Strong authentication is a particularly useful guarantee of confidentiality for executive, management, and supervisory boards, which handle documents of a sensitive nature on a daily basis.
Choose a partner you can trust
Strong authentication ensures greater protection against the risks of identity theft. Qualified electronic certificates issued by a Trust Service Provider are a bona fide guarantee of security.
The certificates provide a high level of guarantee regarding the identity of the holder when it comes to authentication to gain access to an online service, for example. Strong authentication is a vital building block of digital trust, especially as we move more and more towards electronic communications.