With the average ransom paid for mid-sized companies standing at over $1 million in the event of a cyberattack, the increased importance of security in distributed systems is undisputed. Multi-factor authentication (MFA) is one of the primary actions.
“It is essential to educate those with access to sensitive data on data privacy and ensure the right processes and technology are in place,” says Kulani Likotsi, Head of Data Management and Data Governance at Standard Bank South Africa, outlining the increased importance of security in distributed systems. So, what does this education look like?
Data reinforces Likotsi’s concerns. In the case of cyberattacks, $1 million+ is the average ransom paid for mid-sized companies, in addition to potential downstream impacts, including loss of customer trust.
The figures are concerning.
In today’s world, distributed systems have a wide range of applications across cloud computing, the Internet of Things (IoT), blockchain, and more – where security is critical. Because of their complexity, these systems rely heavily on communication and information exchange between different nodes and have more attack vectors than centralised systems.
If the system is not secure, it can lead to data leaks, denial of service attacks, or even the takeover of the entire system by malicious actors.
Start with multiple authentication factors
Multi-factor authentication (MFA) requires users to provide at least two or more authentication factors to access a system, application, or data. There are three primary categories of authentication factors:
- Something you know (e.g. password)
- Something you have (e.g. token)
- Something you are (e.g. biometric)
Passwords are the most common but are susceptible to attacks such as brute force, dictionary, or phishing attacks. Passwords can be combined with other authentication factors to strengthen, such as biometrics or token-based authentication.
Biometric authentication factors use unique biological characteristics, such as fingerprints, facial recognition, or voice recognition, to verify a user’s identity. These characteristics are difficult to replicate and offer an additional layer of security. For instance, a smartphone may require users to scan their fingerprint or face to unlock the device.
Similarly, token-based authentication involves using a physical or digital token to verify a user’s identity. Tokens can be hardware-based, such as a smart card or USB key, or software-based, such as a one-time password (OTP) generated by an app.
Further, MFA is becoming more advanced with the integration of machine learning and artificial intelligence, leading to the development of more sophisticated authentication methods, including:
- Location-based MFA checks a user’s IP address and geographic location to verify their identity.
- Adaptive or risk-based authentication considers additional factors, such as context and behaviour, when authenticating a user. It assigns a level of risk to each login attempt based on these factors.
Deny unauthorised access
With artificial intelligence and machine learning solutions, companies can ensure that only authorised users can access sensitive data in several ways.
- User and Entity Behaviour Analytics (UEBA): This method uses machine learning algorithms to analyse user behaviour and detect anomalies, such as account takeover attempts, insider threats, and unauthorised access attempts, that could indicate potential security threats.
- Biometric Authentication: Facial recognition systems use AI to analyse facial features and match them to a database of known faces, while voice recognition systems use ML algorithms to identify unique voice patterns. IBM Security Trusteer uses AI and behavioural biometrics to enhance authentication and prevent fraud. Its machine-learning algorithms analyse user behaviour and biometric data to verify user identities and detect anomalies that could indicate fraud.
- Anomaly Detection: AI and ML can detect unusual behaviour patterns in user activities, such as accessing data at unusual times or locations. This can help prevent unauthorised access and data breaches. For example, Google’s Cloud Access Transparency logs use ML algorithms to detect and alert suspicious activity related to cloud storage services.
- Fraud Detection: AI and ML detect and prevent fraud by analysing transaction data and identifying patterns that indicate fraudulent activity. For example, banks and financial institutions use AI-powered fraud detection systems to identify suspicious transactions, such as multiple transactions from different locations in a short time. Mastercard uses ML algorithms to detect and prevent fraud in real time. It analyses transaction data, user behaviour, and device characteristics to identify patterns that indicate potential fraud.
Establish secure communication channels
Encrypted communication channels play a vital role in establishing secure communications. This requires a step-by-step implementation, including:
Identifying the type of data that needs to be secured will help determine the level of encryption required to secure the data.
Next, choose a secure encryption protocol. Several encryption protocols are available, including SSL, TLS, and SSH. These protocols encrypt data as it is transmitted, making it difficult for unauthorised users to intercept and decipher.
Follow on with two-factor authentication as an extra layer of security that requires users to provide two forms of identification before accessing a system.
Thereafter, when transmitting data between distributed systems, it is essential to use secure channels. This can include using virtual private networks (VPNs) or secure FTP protocols to transfer data securely.
Additionally, it is crucial to regularly update and patch your systems to address any security vulnerabilities. This can include updating encryption protocols, installing security patches, and updating passwords.
Monitor, monitor and monitor
Monitoring user activity is a crucial part of maintaining the security of systems. Log analysis tools help monitor user activity by collecting and analysing log data from various systems and applications, identifying any unusual or suspicious activity.
For instance, if the system notices multiple failed login attempts from the same IP address, this could be a sign of a brute-force attack. Log analysis tools can provide alerts when specific events occur, allowing time to take appropriate action quickly.
Another way is to monitor network traffic. This can help identify any unusual traffic patterns or connections. For instance, if the system notices a sudden spike in outbound traffic to a specific IP address, this could indicate that a user is sending sensitive data to an unauthorised third party.
The third important aspect is to monitor user activity on email systems. Use email security solutions that offer advanced threat protection and detect phishing emails. These solutions can identify suspicious emails and prevent them from reaching user inboxes.
Regular updates are a must
Regular system updates are crucial to ensure all systems are updated with the latest security patches. This helps prevent security vulnerabilities exploited by malicious actors.
To that end, establish a regular update schedule and use an automated update system to minimise disruptions to operations. It’s also essential to prioritise critical security updates, test updates before deployment, and monitor systems for any issues that may arise after updates. Prioritising critical security updates can help address any security vulnerabilities quickly.
Again, testing updates before deployment helps ensure they don’t cause compatibility issues or other problems. All these steps ensure that the systems are up-to-date and protected against potential security threats.