WizCase’s team of ethical hackers identified a major breach in online art retail platform Artwork Archive. The data impacted was said to contain users’ names, surnames, email addresses, physical addresses, and other sensitive information. Thousands of artists, collectors and their customers were left vulnerable.
In response to Artwork Archive’s exposed cloud storage server, security expert Robert Prigge, CEO of Jumio, tells Digital Journal why companies need to strengthen their online identity verification and user authentication packages.
At the heart of the issue, according to Prigge, is the setting up and operation of cloud computing. Here Prigge states: “Artwork Archive’s unsecure cloud storage bucket that exposed over 200,000 files containing users’ full names, phone numbers, email addresses and physical addresses confirms that organizations need stronger authentication to secure sensitive data.”
Weak authentication systems make it easier for criminals to take advantage of these unsecured entry points and gather data. As Prigge notes: “Fraudsters can easily cross-reference the exposed data with other available information on the dark web to access countless user accounts that were set up with this information, including social media profiles, health insurance portals and banking applications.”
Prigge adds that: “While exposing sensitive data due to a lack of password protection is a serious lapse in security, passwords in general can no longer be trusted to keep data safe in today’s evolving threat landscape, as anyone with the account password can log in and pose as the user.”
With the password increasingly recognized as a weak security measure, Prigge outlines his recommendations. He notes: “Instead, organizations can implement a more secure alternative like biometric authentication (leveraging a person’s unique human traits to verify identity), which allows organizations to confirm the authorized user is the one logging in and ensures their sensitive data is safe from fraudsters.”
There is guidance out there as well. Prigge points to: “Security certification such as ISO/IEC 27001:2013 [sic] can help companies successfully operate a systematic approach to securing customer and corporate information.”
ISO/IEC 27001:2017 is an international standard, titled “Information technology. Security techniques. Information security management systems. Requirements.” The standard provides specific recommendations to help an organization to establish a secure system, monitor its performance and implement improvements when necessary. The standard also enables external assessment and certification of an organization’s information security.