Brian Wallace, Founder & President, NowSourcing
Cybersecurity is needed now more than ever. Coronavirus has exposed why we’re at risk. Large-scale growth of work-from-home technologies, customer-facing networks, online cloud services have all been exploited by cyber attackers. COVID-19 has led to increased susceptibility to attacks with a 30% increase in cyber attacks reported each week in March and April 2020 compared to pre-coronavirus.
Covid has taught us three important lessons: a cyberattack can spread faster than a biological virus, the economic impact of a digital shutdown could be immense, and recovering from digital destruction can be very challenging. Soon we could see cyber pandemics, a self-propagating, digital attack that exploits tech loopholes before patches and antivirus software become available, that can spread faster and further than a biological pandemic. Consequences of cyberattacks on devices include poor performance and bricked or inoperable devices. The consequences of cyberattacks on the world would be extremely costly.
As we recover from the pandemic, businesses must re-evaluate their security policies and procedure to reflect the shift to remote work. Breaches will only increase until we change our approach to authentication. Authentication verifies that an individual is who they claim to be and confirms that person should be granted access. When your user authentication isn’t secure, cybercriminals can bypass the system, taking whatever information they want.
Various authentication methods pose different strengths of security. Passwords and security questions are very weak. Answers to security questions are often readily available online. Out-of-band voice is also weak because voice calls are easily intercepted or redirected. Time-based-one-time passwords are medium security. One-time codes expire after a short period, enhancing security, but are vulnerable to SIM hijacking, malware, and notification flooding attacks. Biometrics are high security; they are hard to fake, but, if the data is compromised, people can’t simply change their fingerprints or face. Legacy multi-factor authentication varies in security strength and depends on the weakest factor used. More factors don’t mean more security. Multi-factor authentication creates headaches for users, and lack of usability is likely to erode compliance with password best-practices, further compromising security.
Asymmetric cryptography leveraged by certificates is already universally trusted. Certificate-based authentication eliminates the need for passwords, reducing the change of user-error, phishing attacks, and hacked password databases. Multiple criteria are used to determine whether an attempt is invalid. The end-user granted easy access without remembering a password or needing a second device for authentication. This means extremely secure authentication that is also easier for everyone to use. Increased cybersecurity is imperative, making secure authentication methods a priority.
About the Author: Brian Wallace is the Founder and President of NowSourcing, an industry leading infographic design agency in Louisville, KY and Cincinnati, OH which works with companies ranging from startups to Fortune 500s. Brian runs #LinkedInLocal events, hosts the Next Action Podcast, and has been named a Google Small Business Adviser for 2016-present. Follow Brian Wallace on Linked