Apr 17, 2018 4:00:00 PM

With more attention and investments being made in cybersecurity in general and specifically to Identity & Access Management (IAM), one term has made a recent comeback in cybersecurity vernacular: the Trusted Device. Trusted devices are a powerful tool in the IAM toolkit.

However, while cybersecurity vendors are very familiar with trusted devices, most businesses are not, and don’t understand how useful they can be. In this post, we’ll explain how inBay defines a trusted device in the context of Identity Assurance and Management. We believe this will help you understand how to provision and utilize trusted devices in your IAM approach.

In its simplest form, a trusted device is a computing device that you own and consider “secure.” It's something you wear, have in your pocket or carry in your bag. From an IT admin's perspective, it's a device that the ... Read More

Mar 13, 2018 3:00:00 PM

Cyberattacks and cyber-threats continue to grow in frequency and sophistication. If you are a CISO or IT professional in a mid-market or larger company where access security is imperative, here are 5 important cybersecurity threats that you must put on your focus list.

Read More

Mar 6, 2018 11:00:00 AM

If you’re a fan of The Today Show, you may have seen their segment on Wednesday, February 28th highlighting the increased danger around identity and access management. In the segment, a part of their Hacking of America series, NBC’s Tom Costello shared that your passwords may already be for sale on the internet.

Here’s the key takeaway from their story: No matter how strong you think your passwords are, security experts say they’re probably no strong enough. Here’s the segment if you haven’t seen it:

Read More

Feb 27, 2018 10:00:00 AM

The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. The GDPR is a new regulation that will require businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. If your company does business in Europe, or is a company that collects data on citizens in EU countries, here’s what you need to know about GDPR.

Read More

Feb 15, 2018 11:00:00 AM

As much as we’d like them to, cybercriminals don’t stay still. They’re always working on their next greatest crime. The dynamic and fast-moving nature of cyberattacks outpaces the cybersecurity solutions designed as quick fixes. In fact, as soon as one solution is discovered, cybercriminals are already working on their next mode of attack.

This makes it difficult to keep valuable data secure. You must stay abreast of the current cybersecurity trends in order to keep informed, gain knowledge and brace yourself for the latest attack.

Here is a mix of fresh and familiar threats to watch for this year:

Read More

Jan 23, 2018 12:00:00 PM

Mistakes are the stepping stones of learning. So put on your sneakers and let’s take a stroll down memory lane of some of the biggest breaches in history.

Read More

Jan 4, 2018 5:00:00 PM

IBM’s President and CEO, Ginni Rometty, believes that data is the phenomenon of our time. She says, “It is the world’s new natural resource. It is the new basis of competitive advantage and it is transforming every profession and industry. If all of this is true – even inevitable – then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.”

That is a very powerful statement and backed up by the following data. In 2015, there were an estimated 1.5 million attacks. To put it into perspective, that equates to almost three cyber-attacks every minute. And IDG reported that the number of cybersecurity incidents rose 38 percent in 2016.

No company wants to become another data breach ... Read More

Dec 7, 2017 2:00:00 PM

Recently we shared some damaging statistics on cybersecurity. As we noted, virtually 2/3 of cybersecurity breaches are caused by poor or stolen passwords. Knowing that, it’s no surprise that significant investments of both time and money have been spent on strengthening the protection provided by passwords.

Among the most common approaches used by organizations of all sizes is two-factor or multi-factor authentication. The aim is to provide greater depth of security, thus making it more difficult for those looking to hack into system and/or steal data to gain access. The real question that should be asked is: Does this approach work?

Unfortunately, the answer is no.

Read More

Nov 29, 2017 11:00:00 AM

Gartner predicts that by 2020, 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk. Gartner also says 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.

What’s more, 66% of data breaches are caused by weak or stolen passwords and breaches are up 27% year-over-year. Clearly, there’s a problem with how companies are protecting their data and it’s time for a new, better approach.

Of course, security attacks are nothing new. Dutch cryptographer, Auguste Kerckhoffs, commented on security problems as early as 1856. He introduced the theory that says, "If your security relies on keeping things secret, you are not secure."

Read More

Nov 11, 2017 3:42:45 PM

In most computer systems, some form of identification is required to verify that the person or entity is who they say they are before granting access to the system. In data security terms, this is called a shared secret. A shared secret is a piece of data exchanged between parties (the user and the application) for authentication in order to safeguard communication from third-party interception.

In the real world, this could be a photo ID, house or car key, driver’s license, badge or a wristband. In the digital world, a shared secret could be a password, login, private key, facial recognition, fingerprint, voice recognition, etc.

Authentication is the process used by a person, app, server, etc. to prove their identity by presenting information only they should know. Typically, authentication is broken down into 3 groups:

Read More