Credential abuse attacks and identity theft incidents are rising, with attackers leveraging botnets to launch coordinated campaigns with high success rates, says Aseem Ahmed of Akamai Technologies, who shares best practices for mitigating the threats.
More than 30 billion malicious login attempts were carried out globally between November 2017 and June 2018, according to research conducted by Akamai, Ahmed says in an interview with Information Security Media Group.
"The financial services industry is under constant attack from automated account takeover tools. ... E-commerce, travel and hospitality verticals are also very often targeted," he says.
It's difficult to determine the exact cost to the business from credential abuse attacks. Among the factors that must be considered, Ahmed says, are money lost, the cost of prevention and remediation, and customer abandonment rates after a credential abuse incident.
In this audio interview (see player link below image), which is the second in a two-part series, Ahmed talks about:
The cost to business from credential stuffing attacks; The industry verticals most impacted; Global best practices to mitigate credential abuse, including using a defense-in-depth approach.
In part one of the interview, Ahmed discusses how malicious bots and botnets are becoming increasingly common and sophisticated and why enterprises need to address them in their risk assessments and security frameworks.
Ahmed is senior product manager for cloud security in Asia Pacific at Akamai Technologies. He is responsible for identifying market opportunities in cloud security, translating ideas into product requirements, gathering and consolidating customer feedback, evangelizing product vision and strategy, as well as overseeing aspects of the product design and development lifecycle while partnering with cross-functional teams on go-to-market activities. With over 10 years of experience in security services and consulting, cloud security solution architecture, incident handling and IT Infrastructure management, Ahmed has built a strong understanding of customer and market requirements. Previously, he has worked in technical roles at Microsoft and Convergys.
Secure multiparty computation technology enables users to carry out computation on private data while it remains encrypted, says Israel-based Yehuda Lindell, a cryptography professor who's chief scientist at the security firm Unbound Tech. One of the main applications is for protecting cryptographic keys, he says in an interview with Information Security Media Group.
SMC offers a more practical alternative to the usual practice of storing keys in a hardware security module, which is difficult to manage, he contends.
Using SMC, he says, "we can split the secrets into random pieces and put them on different machines and then have the computations being carried out without everything being brought together ... without the key being remembered."
This new technology can be installed by deploying virtual machines to set up the framework, Lindell explains.
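The idea of computing with key pieces that never meet can be seen in a small added example, which is not from the interview and is not Unbound Tech's protocol: textbook ElGamal decryption with the private key held as additive shares. The toy group parameters, function names and sample message are assumptions made for illustration.

```python
import secrets

# Toy parameters (assumption, illustration only): a Mersenne-prime modulus,
# far too small and unstructured for real use.
P = 2**127 - 1
G = 3
ORDER = P - 1  # exponents are reduced modulo the group order

def split_key(x, n):
    """Split x into n additive shares: random values that sum to x mod ORDER."""
    shares = [secrets.randbelow(ORDER) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % ORDER)
    return shares

def encrypt(pub, m):
    """Textbook ElGamal encryption of group element m under pub = G^x."""
    r = secrets.randbelow(ORDER - 1) + 1
    return pow(G, r, P), (m * pow(pub, r, P)) % P

def partial_decrypt(share, c1):
    """Runs on one machine: uses only that machine's share, never the full key."""
    return pow(c1, share, P)

def combine(partials, c2):
    """Multiply the partial results: the product is c1^x, yet x is never formed."""
    mask = 1
    for d in partials:
        mask = (mask * d) % P
    return (c2 * pow(mask, -1, P)) % P

def demo():
    # For brevity the key exists whole at setup; a real deployment would
    # generate the shares jointly so that it never does.
    x = secrets.randbelow(ORDER - 1) + 1
    pub = pow(G, x, P)
    shares = split_key(x, 3)                  # one share per machine
    m = int.from_bytes(b"wire #4471", "big")  # constructed sample message
    c1, c2 = encrypt(pub, m)
    partials = [partial_decrypt(s, c1) for s in shares]
    return combine(partials, c2) == m, shares, x

if __name__ == "__main__":
    print("decrypted correctly from shares:", demo()[0])
```

Each share on its own is a uniformly random number, so a machine that is compromised alone yields nothing about the key.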
In this interview (see audio link below photo), he offers insights on:
Using SMC technology to protect cryptographic keys; The architectural framework required to carry out the computation for securing data; Potential other uses for SMC.
Lindell, chief scientist at Unbound Tech, a cryptographic solutions provider, is a professor of computer science at Bar-Ilan University in Israel. He has published over 90 scientific articles, has authored one of the most widely used textbooks on cryptography and has years of industry experience in the application of cryptography to computer security.