The network security protocols that guard the gateways to sensitive commercial and corporate data have never been so weak. In pursuit of the ultimate user experience and convenience, usernames and passwords (UNPs) have been given unprecedented rule, forcing security into the back seat.

Now the web is integral to our daily lives - thanks in large part to the advent of smartphones, tablet computers and, more recently, wearable technologies - it's no coincidence that losses from large-scale data breaches are hitting record levels. Ponemon Institute recently revealed that the average cost of a company data breach in 2014 was $3.5 million, a rise of 15% compared to 2013's study. As the number of organizations relying on virtual private network (VPN) access or cloud-based storage for their business-critical corporate data continues to rise, action on security is long overdue.

What's wrong with passwords?

Passwords are vulnerable to a whole range of attacks and their widespread re-use across multiple accounts only serves to amplify this vulnerability by significantly increasing the "attack vectors" for each. Independent research commissioned by Swivel Secure Inc. last year revealed that 44.2% of Americans log in to their corporate systems remotely using a UNP. Considered alongside the admission that one in five also reuse the same password across their personal and corporate systems, the alarm bells should start ringing.

This plague of password reuse has big implications. Under such circumstances, it may only take one employee's personal login details to be hacked for an entire corporate network to be compromised together with all of the sensitive data held within. Cybercriminals actively phish personal sites in the hope of finding a way into corporate systems. No matter how bullet-proof a firewall is, if an employee's "usual" username and password falls into the wrong hands, it could open access to all manner of sensitive data. Worse still, if an intruder enters a corporate network using a legitimate UNP, they may remain undetected over a prolonged period of time. When measured against the sheer number of large data breaches which have taken place across the US and the rest of the world, the same passwords used to access a corporate network could be sitting in a hacker's stockpile, just waiting to be used to unlock a treasure trove of data. These risks are only heightened by the proliferation of bring your own device (BYOD) culture and the absorbance of consumer apps into the workplace, both of which have significant security shortcomings of their own.

Yet, whenever a breach occurs, the advice offered from the top is simply to "change your password" and all will be well. With this in mind, how many of us will push that flash of guilt to one side and reuse our new password across the board once again? The "vicious circle" effect here is clear.

Surprisingly, there is little doubt that major providers of webmail, social media platforms, cloud storage and other popular online facilities are well aware of the frailties of password-based authentication, but because they fear a user exodus if they deviate from the UNP model, most are unwilling to do so. Even for large-scale corporate cloud installations, the added "friction" of stronger security at the login stage has been seen as a step too far; an annoyance to convenience-loving employees who see it only as an extra "hassle" when trying to access information.

In a relentless and questionable bid to make things even more convenient, we are now seeing a rise in seamless UNP-based "single sign-on" facilities, where users log in to one application which can then automatically open the door to a host of others. Such practice is defining a treacherous "new normal" for online security and, worryingly, is infiltrating the IT security practices of enterprises too.






CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3