New Year's Security Resolutions
Happy new year to all our readers, customers, partners, and visitors.
The year 2011 was very rich in malicious security events, and there is no reason to believe that 2012 will be different. The latest in a long series of incidents was the recent breach of the website of US security firm Stratfor by the hacker group known as Anonymous on December 24th, 2011, which exposed personal and financial information of thousands of customers. Stratfor is a global security intelligence firm whose customers include the US Department of Defense and Bank of America.
The Stratfor hacking was preceded by a string of high-profile incidents including (but not limited to) the following:
- RSA SecurID compromise: in March 2011, hackers breached the RSA network and stole sensitive information related to RSA’s SecurID 2-factor authentication product which is used by hundreds of organizations around the world.
- Sony PlayStation Network hack: in April 2011, hackers were able to compromise personal information of 77 million Sony customers, in what was considered one of the largest malicious attacks on a commercial organization.
- Citi Hack: in June 2011, hackers used Citi credit card’s website as a gateway to illegally access the names, account numbers, e-mail addresses and transaction histories of more than 200,000 Citi customers.
While the above incidents were published in the news, many low-profile incidents went unreported. For instance, in the financial sector, hackers have been regularly breaking into the online bank accounts of unsuspecting customers, stealing hundreds of thousands of dollars at a time. Small businesses are among the groups hit hardest by these incidents. Most small businesses are not adequately prepared for, or cannot afford, the security infrastructure needed to cope with the current threat environment. Many large organizations are also at risk if we consider the long list of high-profile victims.
The takeaway from 2011 is that existing security mechanisms (e.g. antivirus, intrusion detection systems, firewalls) are necessary but not enough to protect your organization. Sticking to only those traditional technologies means that your organization may not be fully prepared to withstand the current threat landscape.
In 2012, thinking outside the box will be necessary for security officers and analysts who are at the forefront of the fight against hackers. This means going beyond conventional wisdom and traditional technologies, and exploring the full capability of emerging technologies such as biometric-based continuous authentication.
Our New Year's resolution is to bring you, through this blog, as much information as possible to help you better understand the current threat environment and make sound decisions about strengthening the security of your organization. In this regard, we invite you to check out three new whitepapers recently released by Plurilock on web fraud detection, cloud security monitoring, and continuous authentication.
We also recommend reading the following short article that appeared in Scientific American, which predicts the disappearance of passwords in the next five years and their replacement by biometrics.