CyberSecurity SEE

2FA Should Be Made Mandatory as Soon as Possible, Like Seat Belts and Airbags

The recent hacking of genetic testing company 23andMe is causing concern regarding the safety and security of genetic data. Hackers were able to illegally access 14,000 user accounts and extract genetic data from 6.9 million people. This breach has raised red flags due to the unique, irreplaceable nature of genetic information, and there is a concern about the potential misuse and targeting of this data in the future.

To protect its users, 23andMe is prompting all users to change their passwords immediately and is taking steps to enroll existing customers in two-factor authentication for an extra layer of security. While this is a positive step, it’s argued that more needs to be done. It is suggested that every single software-as-a-service (SaaS) app should make two-factor authentication mandatory. At the very least, multi-factor authentication (MFA) with a minimum of three factors available should be implemented. This is currently viewed as a public safety matter and should be made mandatory for all applications, much like seat belts and airbags are standard safety features in vehicles.

Additionally, a reevaluation of the security measures in place for SaaS applications is critical. Many accounts and SaaS applications have networked capabilities that increase exposure exponentially. The 23andMe breach exposed data with locations, display names, relationship labels, and DNA shared with matches, as well as birth years and locations for some users. This highlights the potential risks associated with the compromise of even a relatively small number of accounts.

This push for change in SaaS security protocols comes at a time when the threat of cyber attacks is on the rise. According to the 2023 IBM X-Force Threat Intelligence Index, 41% of successful cyber attacks used phishing and social engineering as their primary vector. This demonstrates the importance of fortifying security measures, especially with the increasing sophistication of cybercriminals.

Meanwhile, the 23andMe hack has underscored the insecurity of username and password combinations. There is a call for two-factor authentication to be made mandatory and enforced as the standard security protocol for any SaaS application. While some may argue that this could introduce additional friction and negatively impact user experience, companies have demonstrated that these problems can be mitigated through innovative planning and design.

To enhance security even further, the use of multi-factor authentication, including more secure factors such as biometrics, hardware keys, and authenticator apps, should be encouraged. The importance of enhancing security measures in SaaS applications, particularly in light of the potential threats associated with hacking, cannot be overstated.

In conclusion, genetic data breaches serve as a warning signal for the larger issue of SaaS security. As more aspects of our lives transition into digital platforms, the need for stringent security measures becomes all the more critical. It is clear that the implementation of two-factor authentication and other security enhancements is essential to safeguarding the integrity and confidentiality of sensitive information. Therefore, urgent action must be taken at both organizational and industry-wide levels to address these security concerns, protecting the broader interests of businesses and consumers alike.
