Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Strong security is just common sense

by Andy Kemshall - SecurEnvoy CTO and co-founder - Friday, 23 September 2011.

For many years those who concerned themselves with an organization's cyber security warned of threats, both internal and external, urging organizations to adequately protect themselves. Unfortunately the message either went unheeded, or the security measures implemented were insufficient, as we’ve seen headline after headline of victims who’ve suffered a breach. While the severity may vary, each is an example of the concerned organization's security measures being found wanting.

And the battle has only just begun as, in recent months, security professionals have amplified the cry following attacks from DigiNotar, Anonymous and WikiLeaks – and the list goes on. Organizations need to get a grip on their borders, now, or risk losing the cyber fight and becoming another statistic.

Strong foundations

The threats an organization faces are multifaceted. While it’s possible, and perhaps tempting, to spend millions plugging every hole the reality is it’s impractical. Instead a more common sense approach to security is required.

At the heart of the problem is that, with every breach incident, the likelihood of a user’s identity having been compromised increases. Therefore, it doesn’t matter how intrinsic the overarching security approach, it is fundamentally flawed if you fail to establish that the person gaining access is who they claim to be. For example, while a VPN provides a secure communication tunnel, if a hacker can mimic a legitimate user and use their key to open the pipe then everything traveling down it is insecure.

Physical security is common sense in a virtual world too

In the real world we regularly use Chip and Pin to make a purchase in the high street, or withdraw cash from an ATM. Quite simply this is two factor authentication in action in the real world.

Before clarifying what constitutes two factor authentication, it is probably worth stating what it is not. A password on a PC (often referred to as single factor authentication) is the equivalent of a basic lock – only slightly better than nothing. It stands to reason that two passwords - even if one is a data pattern or random characters from a memorable phrase, it is actually just two locks. Although it may slow an intruder by having another password, common sense should tell you it still isn’t adequate.