David Warburton, Senior Threat Evangelist, F5 Networks explains why, despite new authentication systems, cyber criminals are continually evolving and we need to remain one step ahead.
World Password Day this year is perhaps more significant than it’s ever been. Despite the promise of new authentication systems which rely on strong cryptography (instead of our weak and bizarrely common ‘monkey’ passwords) the day when we can all throw our digital codes in the Recycle Bin seems just as far away as it ever did.
The rise of authentication technologies, such as biometrics and facial recognition, come with promise of stronger security for online consumers but the cyber criminals seem to do a far better job of adapting to change than the rest of us. Biometrics can often be tricked and attackers increasingly use insidious social engineers tricks to get around hardware security tokens such as bank card readers.
Attackers are increasingly relying on social engineering tactics, such as phishing, to deceive users and grab their names, addresses and passwords. These can then use this to access any sensitive data that is not protected by multi-factor authentication.
This puts businesses in a delicate position. How can they ensure they continue to implement the strongest security policies and outsmart hackers to protect their sensitive data? The best route businesses can take is to consider the context under which access is being requested. Where is the user located? Is this normal for this person? Are they using a corporate or personal device and do those devices comply to company standards? While multi-factor authentication must become the norm, it should not stop at simply using a hardware or software token since these can and have been bypassed by criminals employing social engineering tricks. But, perhaps most importantly, organisations need to ensure continuous security training is available and compulsory for all staff.
Ultimately, as hackers continue to refine and evolve their techniques, so must businesses. Continuously evaluating security practices and authentication methods is crucial to implement new habits stay on top of a threat landscape that shows no signs of slowing down.