Frost & Sullivan has suffered from a data breach from an unsecured backup folder that was exposed on the Internet. The data was sold on a hacker forum. Frost & Sullivan focus on developing strategy. The data has been put on sale onto the dark web. Behind the data sale is KelvinSecurity, who are a Russian-based hacking organization. This group is know for its strong presence on dark web forums.
Looking at the implications for Digital Journal is Ben Goodman, who is senior vice president of global business and corporate development, ForgeRock.
According to Goodman, the overall strategy of the firm was flawed in terms of cybersecurity: “Usernames and passwords are insecure and deliver poor user experiences. Plus, they pose major security risks if they are compromised in data breaches.”
It is common for people to re-use the same passwords for work and personal accounts,. This enables threat actors, once credentials have been acquired, to reuse stolen personally identifiable information.
Goodman says that the solution is to move away from usernames and passwords during the login experience to “prevent breached login credentials from being used for credential stuffing attacks or targeted account hijacking.”
He adds that with an appropriate solution in place, organizations can authenticate users with any authenticator that supports WebAuthN. Such technology enables users to apply biometrics such as Apple’s TouchID or a pin-protected key like Yubico for access. Such measures enable added security.
