Dealing with an unknown enemy

As the use of the internet and the availability of sophisticated technology increase, so does crime. Fraud can be carried out on a large scale, very quickly and remotely, without physical contact between perpetrators and victims.


Photo: @dmitrybayer

The use of the internet and sophisticated technology has transformed the way that cybercrime is committed – enabling frauds to be perpetrated at scale, at great speed, and at a distance, with no physical contact necessary between criminal and victim.

It can be much harder to identify the individuals initiating this type of crime, and their location - which brings new challenges for organizations to prevent and protect themselves against the threats to IT security.

Network crime has created a need for organizations to think about the threats and risks of economic cybercrime and to understand what types of actions they need to take to protect their employees, customers, vendors and partners.

Who needs identity and authentication verification services?

In a 2015 report by PwC

of large organizations said that they had suffered a security breach, up from 81% in 2014. Small organizations recorded a similar picture, with 74% reporting a security breach, up from 60% in the previous year (HM Government, 2015). Of these, 11% of respondents changed the nature of their business as a result of their worst breach.

There are simple measures that increase security without demanding much attention from already time-pressed staff, such as two-factor authentication (2FA) and automated antivirus updates. These are important solutions for everyone, from small businesses to large organizations.

In reality, the IT security challenges posed by cybercrime are more of a long-term struggle, and cannot be solved by conventional IT strategies alone. These types of crimes have become much larger and more complex with the advent of social engineering to retrieve information and data to help crack passwords. Along with the growth of cloud technology, these factors and more are contributing to users becoming “easy targets” that inadvertently help facilitate cybercrime.

If we only took the time to safeguard ourselves, many cyber attacks could be avoided, but there is often a tendency to wait until tragedy strikes before anything is done.

Take, for example, the recent (May 2017) ransomware cyber-attack, in which security researchers from Kaspersky Lab recorded more than 45,000 incidents in 99 countries. In the UK, a high-profile victim was the NHS (the National Health Service), which faced renewed concern about the security of its IT infrastructure after systems were rendered inaccessible by ransomware.

Given the example of the NHS, there are particular risks to the healthcare industry with cybercrime:

  • Hackers can infiltrate systems and gain access to patient health information
  • Malware that allows criminals to steal valuable personal data
  • Ransomware infections in healthcare organizations holding computer files hostage
  • Increased risk of data breaches with patients and carers using mobile devices
  • Unintentional staff actions compromising patient data security
  • Weak links in the hospital supply chain opening up potential for a data breach from vendors
  • Risky employee behaviour exposing the organization to data breach risks

Employees, remote workers and contractors demand access to their workspace from anywhere, from any device.

The modern workplace has become more flexible as people increasingly choose to work remotely or have a job where they are on the move, and as employers use contract workers. There is a risk of a data breach from poor encryption, from the use of personal online accounts to store and access work files, and from the use of unauthorized and inadequately protected devices.

The challenge for organizations is recognizing the signs or risk areas, investing in preventative measures, and educating and communicating with time-pressed staff.

Although the consequences of a breach may fall in the first instance upon individuals, businesses and public authorities are generally liable for security breaches. This needs to be taken very seriously with the new GDPR data privacy legislation that came into effect in May 2018.

Identity theft is a serious security threat to any organization and end users alike. Organizations need to know who's accessing their data and ensure that users are who they claim to be.

Prevention is better than cure and identity management is key to enabling organizations to comply with the GDPR, increase IT security and build trust amongst users, staff, employees and partners.

Until recently, hackers focused on attacking vulnerable IT infrastructure. But as protection for such infrastructure strengthens, attackers have shifted their focus to easier targets: people on the move using mobile devices, such as employees, contract workers, customers, or even patients. Knowing anything about these individuals can help to launch or support a cybersecurity attack.

With the right architecture and design, a smart card solution offers a range of benefits that simplify the user’s workday by increasing mobility and versatility without compromising security.

Passwords are history

A major problem with password-based authentication is that it requires knowledge and effort to create and remember strong passwords, especially if they have to be changed on a regular basis. And those passwords require protection from many threats, as they do not meet the demands of modern IT security.

According to password manager Keeper, last year’s most popular passwords include “qwerty” and “111111”; Keeper also found that as many as 17% of all users have “123456”. The word “password” itself was among the top 10 most common passwords chosen despite continuous advice and education to the contrary, as security gives way to convenience.

Given enough time and resources, an attacker can usually breach password-based security systems with tactics such as phishing with social engineering. But passwords traditionally have remained a common form of authentication because of their perceived low cost, ease of use and familiarity.

According to Microsoft's TechNet, for a password to be effective it needs to meet the following criteria:

  1. Changed every 60 days
  2. At least eight characters long
  3. Use both upper and lower case characters
  4. Contain a combination of alphanumeric characters and symbols
  5. Unique (only used for this particular profile/website)
  6. Stored using a reversible encryption

However, a high-end powerful computer using brute force cracking could theoretically try 350 billion passwords a second, and would take only up to 10 minutes to break the same password (source: www.computerweekly.com).

Organizations can of course use a top-down approach to enforce frequent password changes that meet specific criteria. But there are now more attractive login methods available that can reduce risks without impacting productivity, especially as the cost and consequences of managing passwords have increased.

Ten points to remember as you assess your continued use of passwords for login:

 

  1. Passwords are not secure and can be compromised.
  2. Strong passwords are effective but maintaining and remembering them can add extra workload.
  3. From an employee perspective it is common to think that the priority is on productivity rather than IT security, so password strength can suffer as shortcuts are taken to be productive.
  4. Users often re-use the same password across multiple services.
  5. Default passwords are often not changed immediately, making it easier for unauthorized access to systems.
  6. Users tend to keep the same password for a long time if given the choice.
  7. Passwords are sometimes sent over unsecured networks, which makes them easy to hack.
  8. The modern workplace has remote or contract workers that may use unauthorized devices that are not sufficiently secure to stand up to a brute force attack to steal passwords.
  9. As organizations move data to the cloud, passwords may not be a sufficient method to secure and authenticate a user's identity.
  10. The costs of password administration and clearing up the consequences of a data breach have gone up.

Two-factor authentication and Net iD will help address ongoing IT security challenges

Two-factor authentication (2FA) provides an additional layer of security for identity management and makes it harder for attackers to gain access to a person's devices and online accounts.

Smart cards increase IT security and minimize the risks of costly data breaches. And with more remote employees needing mobile solutions and companies moving data and applications to the cloud, two-factor authentication is needed if you are going to comply with the new GDPR regulations.

When you choose to log in with the Net iD smart card solution, security is built in three steps.

  • The solution is based on the PKI or Public Key Infrastructure (https://en.wikipedia.org/wiki/Public_key_infrastructure) security standard and uses certificates to identify all users when they log in.
  • By storing certificates on a smart card, the user can easily take their certificate with them when they leave the workstation.
  • To log in and authenticate themselves in the IT environment, the user needs to be able to present information that is stored in the certificate on their personal smart card, and enter their personal PIN code. The combination of something the user has and something the user knows provides two-factor authentication.

As more and more employees need mobility and more and more companies move into the cloud, two-factor login will be required for those who want to live up to the requirements set in the EU's new data protection regulation. Net iD and two-factor login meet this challenge.

  1. Two-factor authentication methods can be used together with a Single Sign On (SSO), with fast logon to other independent systems.

  2. Because the multiple authentication factors are independent, knowing the victim's password alone is not enough to pass the authentication.

  3. Once authentication has been verified, an encrypted tunnel is established between the client and the server.

  4. A personally issued card with a PIN code can be used to log in to virtually any system or application, both stationary and mobile.

  5. A simpler technology solution for the user that reduces the IT department’s costs for ongoing password administration.

  6. The same smart card solution can also be used for physical access to buildings and premises, to make payments, for secure printing and as a personal ID card.

  7. The synergies offer new possibilities for cost savings both in investments and regular maintenance.

  8. Secure and user-friendly login: Net iD combines the PKI security method with smart cards, the most proven and accepted method for organizations demanding the highest possible security.

  9. Net iD applications are designed to make it easy to implement a better security solution.

  10. Faster and easier login improves employee workflows and ensures that your organization’s security policies are fully complied with.

  11. Net iD is based on open international standards and documented interfaces. This ensures that the solutions function independently of the platform or operating system you use: Windows, Linux, Novell NetWare, Mac OS X, Microsoft Terminal Server, or Citrix.

  12. Standardized interfaces simplify integration with applications and services like MS Active Directory, WAAD, VPN solutions, and business support systems: EMR systems, POS systems, etc.

  13. You can integrate Net iD into virtually any target environment without costly and time-consuming special modifications.

  14. A modular architecture makes Net iD more adaptable than other alternatives on the market. This ensures that you can obtain the exact IT security solution your company or organization requires, and that it can be adapted when the circumstances and needs of your organization change.

  15. The Net iD solution can be upgraded while up and running; you get continuously updated IT security without disturbing operations.

As the Net iD solution can be upgraded in operation, you can ensure updated IT security without unnecessary impact on the business.
