Massive Biometric Data Breach Creates Chaos for MSSPs
… ensure their facilities remain secure until the full scope of the vulnerability is known, and consumers whose information was contained in the breach take precautions to protect any accounts related to the information disclosed in the breach,” Capps added.
Question Biometric and AI Protections
But there are also general steps any company affected by this biometric data leak, either directly or indirectly, should take now.
“Cybersecurity is not only about preventing breaches; it is also about protecting the data itself to make it a worthless treasure for attackers. In this case, tokenization would have been a great approach to make sure that clear text data elements are exchanged by a substitute,” said Felix Rosbach, product manager with Comforte AG.
“It is not possible to use, add or change data sets in a database that only contains tokenized data. This prevents attackers from changing or adding user accounts, facial recognition information or fingerprints to access whatever building that user is authorized to access,” Rosbach added.
Unquestioned reliance on biometrics and artificial intelligence (AI) must also come to an end. Neither technology is unbeatable at proving user identities. Due diligence in vetting these vendors is vital too.
“With all the hype around biometrics and AI, we tend to overlook the basics — we’re entrusting increasingly unchangeable personal data to a network of third parties with little oversight, and few enforceable standards over how priceless personal data is handled,” said Willy Leichter, vice president of marketing at Virsec.
However, it likely will take government muscle to completely shut down vendor security negligence.
“While GDPR lays out principles for data protection, these need to be swiftly and severely enforced for organizations that are clearly reckless,” said Leichter.