This week, defense secretary Dr Liam Fox spoke about how Britain is under continuous attack from cyber criminals. Peter Regent, director of online authentication at digital security provider Gemalto, shares his views on the need for industry and enterprise to better equip users with a full range of tools to intercept hackers who have shifted focus to the new weakest entry point – the username and password.
The defence secretary’s comments about national security reaffirm the need for industry and enterprise to better equip users with a full range of tools to help prevent cyber attacks.
Cyber criminals are continually evolving their attacks to bypass existing security approaches resulting in several high profile cases of data breach. Advanced persistent threats have proven to push past what has traditionally been considered good enough security.
The use of passwords has been a target for theft leading to attacks like the recent Sony Playstation, Gmail and Android attacks. This marks a shift in focus from malware attacks and proves how criminals are exploiting what is now the weakest link – the username and password. Access to username and password information makes it easier for criminals to gain entry into both consumer and corporate networks due to the lack of security and verified identity controls in place.
Dr Liam Fox is right, business and industry must re-evaluate security controls to reduce fraud and protect intellectual property. Introducing extra layers of security to usernames and passwords to governments, businesses and every individual internet user will be a major step forward in cyber crime prevention.
Introducing a physical device such as a one-time-password (OTP) token or smartcard will ensure only authorised users gain network access, securing online transactions for consumers. For businesses and governments however, a far more sophisticated layered identity verification approach is a must.
A smartcard solution encompassing certificate-based authentication and Public Key Infrastructure (PKI) certificates will enable only authorised employees to access sensitive information and will enable a full audit trail of all access events – a critical element with most compliance initiatives. This provides a similar level of protection to corporate information assets that chip and pin cards provide for banking consumers when accessing cash from ATM machines.
Cyber criminals are becoming increasingly sophisticated and no individual or corporation is immune to attack. It is time to move past good enough security to a security solution that actually meets the need and protects from the threat. By integrating multi layer authentication into security processes and infrastructures, we will be much better prepared for fraud prevention.”
By Peter Regent
Director of online authentication
Gemalto
www.gemalto.com/