Eliminating The Human Factor From Digital Security

The speed at which the market is introducing innovative ways for people to improve their productivity and quality of life is exciting. However, this fast pace also introduces additional risk when security does not match the pace of advancement, particularly when people are the point of vulnerability.

As more of our daily activities are transitioned to digital channels, the issues of identity theft and account fraud become more impactful. The 2016 spear phishing attack at Pomeroy Investment Corporation highlights this growing risk. In April 2016, Tripwire reported that the company lost $495,000 to fraudsters when an employee received an e-mail request from an individual who posed as a company executive. 

At the time, police stated that the response to the breach was slow because the victims themselves did not realize a hack had occurred.

“Previously, it was typical for company employees to communicate by email and to make transfers of funds–even overseas,” said Troy Police Sgt. Meghan Lehman. “But in this case, someone hacked the account of the sender requesting the funds. And then [it] was days later before anyone questioned the transaction and learned they had been hacked.”

Indeed, Pomeroy’s hack demonstrates the steep costs of human error.

Simple technical advancements in security can effectively mitigate the risk associated with our human vulnerabilities. For example, the use of multifactor authentication for accessing e-mail, or as a prerequisite action for completing a high-risk transaction, is an effective mitigation tool. In this scenario, multifactor authentication would add a step so that access to an e-mail account does not rely solely on a single factor, such as a username/password.

The additional factor increases the technical difficulty and cost to fraudsters, so the likelihood of the spear phishing attack is decreased. Security capabilities such as multifactor authentication are critical to addressing the alarming trends in identity theft and fraud online. The risks and costs of inaction will only increase.