Uppfinn inte hjulet på nytt
Missa inte nästa utbildningstillfälle, den 14-16 maj håller vi tillsam...
As the use of the internet and the availability of sophisticated technology, crime also increases. Fraud can be carried out on a large scale, very quickly and remotely, without physical contact between perpetrators and victims.
The use of the internet and sophisticated technology has transformed the way that cybercrime is committed – enabling frauds to be perpetrated at scale, at great speed, and at a distance, with no physical contact necessary between criminal and victim.
It can be much harder to identify the individuals initiating this type of crime, and their location - which brings new challenges for organizations to prevent and protect themselves against the threats to IT security.
Network crime has created a need for organizations to think about the threats and risks of economic cybercrime and to understand what types of actions they need to take to protect their employees, customers, vendors and partners.
Who needs identity and authentication verification services?
In a 2015 report by PwC
of large organizations said that they had suffered a security breach, up from 81% in 2014. Small organizations recorded a similar picture, with 74% reporting a security breach, up from 60% in the previous year (HM Government, 2015). Of these, 11% of respondents changed the nature of their business as a result of their worst breach.
There are simple measures that can increase safety, that don’t require the complex attention or focus of already time-pressed staff, such as two-factor authentication (2FA) and automated antivirus updates. Important solutions for everyone - from small businesses to large organizations.
In reality, the IT security challenges posed by cybercrime are more of a long-term struggle, and cannot be solved by conventional IT strategies alone. These types of crimes have become much larger and more complex with the advent of social engineering to retrieve information and data to help crack passwords. Along with the growth of the cloud technology, these factors and more are contributing to users becoming “easy targets” that inadvertently help facilitate cybercrime.
If we only took the time to safeguard ourselves many cyber attacks could be avoided, but there is often the tendency to wait until tragedy strikes before anything is done.
If we take for example the recent (May 2017) ransomware cyber-attack that security researchers from Kaspersky Lab recorded more than 45,000 incidents in 99 countries. In the UK a high profile victim was the NHS (the National Health Service) that faced renewed concern about the security of its IT infrastructure after systems were rendered inaccessible with ransomware.
Given the example of the NHS, there are particular risks to the healthcare industry with cybercrime:
Employees, remote workers and contractors demand access to their workspace from anywhere, from any device.
The modern workplace has become more flexible as people increasingly choose to work remotely, have a job where they are on the move or employers use contract workers. There is risk of a data breach from poor encryption, using personal online accounts to store and access work files and usage of unauthorized and inadequately protected devices.
The challenge for organizations is recognizing the signs or risk areas, investing in preventative measures, educating and communicating to time-pressed staff.
Although the consequences of a breach may fall in the first instance upon individuals, businesses and public authorities are generally liable for security breaches, which needs to be taken very seriously with the new GDPR data privacy legislation that came into effect on May 2018.
Identity theft is a serious security threat to any organization and end users alike. Organizations need to know who's accessing their data and ensure that users are who they claim to be.
Prevention is better than cure and identity management is key to enabling organizations to comply with the GDPR, increase IT security and build trust amongst users, staff, employees and partners.
And until recently, hackers focused on attacking vulnerable IT infrastructure. But as protection for such infrastructure strengthens, the attackers’ have shifted their focus to easier targets, those on the move using mobile devices such as employees, contract workers, customers, or even patients. Knowing anything about these individuals can help to launch or support a cybersecurity attack.
With the right architecture and design, a smart card solution offers a range of benefits that simplify the user’s workday by increasing mobility and versatility without compromising security.
Passwords are history
A major problem with password-based authentication is that it requires knowledge and effort to create and remember strong passwords, especially if they have to be changed on a regular basis. And those passwords require protection from many threats, as they do not meet the demands of modern IT security.
According to password manager Keeper, last year’s most popular passwords include “qwerty” and “111111”, which also found as many as 17% of all users have “123456”. The word “password” itself was among the top 10 most common passwords chosen despite continuous advice and education to the contrary, as security gives way to convenience.
Given enough time and resources, an attacker can usually breach password-based security systems with tactics such as phishing with social engineering. But passwords traditionally have remained a common form of authentication because of their perceived low cost, ease of use and familiarity.
According to Microsofts TechNet for a password to be effective, it needs to meet the following criteria:
However, a high-end powerful computer using brute force cracking could theoretically achieve 350 billion passwords a second, which would only take up to 10 minutes to break the same password (source www.computerweekly.com).
Organizations can of course use a top-down approach to enforce frequent password changes to meet specific criteria. But there are now more attractive login methods available that can reduce risks, especially as the cost and consequences of managing passwords has increased and not impact productivity.
Ten points to remember as you assess your continued use of passwords for login:
Two-factor authentication and Net iD will help address ongoing IT security challenges
Two-factor authentication (2FA) provides an additional layer of security for identity management and makes it harder for attackers to gain access to a person's devices and online accounts.
Smart cards increase IT security and minimize the risks of costly data breaches. And with more remote employees needing mobile solutions and companies moving data and applications to the cloud, a two-factor authentication is needed if you are going to comply with the new GDPR regulations.
When you choose to login with the Net iD smart card solution, security is built in three steps.
When more and more employees need more mobility and more and more companies are moving into the cloud, two-factor login will be required for those who want to live up to the requirements set in the EU's new data protection regulation. Net iD and two-factor login meet this challenge.
As the Net iD Net iD solution can be upgraded in operation, you can ensure updated IT security, without unnecessary impact on the business.
Share this article