Cyber 2020
Two Phone Calls Are Not Enough to Verify a User’s Identity, Says Cyber Investor
Mickey Boodaei, a veteran cyber investor and entrepreneur, spoke Monday at Calcalist’s Cyber 2020 conference
13:1117.12.19
Most cyberattacks are much less sophisticated than you would imagine, according to Mickey Boodaei, a veteran cyber investor and entrepreneur. Boodaei spoke Monday at Calcalist’s Cyber 2020 conference, held at shared office venture Labs at Tel Aviv’s Azrieli Sarona tower.
“To steal a million dollars or organizational data worth tens of millions of dollars, you do not need any exceptional knowledge, just a day’s worth of work, and very basic technical capabilities,” Boodaei said. Using private information such as ID numbers, dates of birth, credit cards, or verification codes that you get in an email or a text message, cannot in itself prevent an attack, he added.
“I recommend everyone takes a hard look at their organizations’ identification and data verification processes, whether they are dealing with clients, employees, or partners,” Boodaei said. It is imperative to see what happens when a user needs to recover their username or update a phone number, he said. “If the process requires no more than two phone calls. We may have a problem, and someone could easily take control of sensitive data or internal organization accounts.”
“Much like in the real world, to break into a house you don’t need to go through lasers or cut through bars. Typically, you just have to look for the key that is under the welcome mat,” Boodaei said.
Mickey Boodaei. Photo: Orel Cohen