The Future of Cybersecurity
Cybersecurity has been on the minds of companies everywhere since the Dropbox and Yahoo hacks occurred. With the advent of cloud-connected technology and the growing sophistication of malware and hacking attempts, it seems many common cybersecurity methods have become outdated.
So what could be in the future of companies seeking to improve their cybersecurity methods? We asked Stephen Gates, the Chief Intelligence Analyst with NSFOCUS, what his thoughts were on the situation.
Gates immediately told us that all companies need to start employing multi-factor authentication as a mandatory part of their information systems. He referenced a quote from the Cybersecurity National Action Plan: “The President is calling on Americans to move beyond just the password to leverage multiple factors of authentication when logging-in to online accounts. Private companies, non-profits, and the Federal Government are working together to help more Americans stay safe online through a new public awareness campaign that focuses on broad adoption of multi-factor authentication.” However, Gates also noted that there currently is no regulation being enforced in how companies handle their cybersecurity, and that public awareness efforts can only go so far in solving the issue.
The biggest threat to IT executives today is the prevalence of employees using work machines for personal business purposes. Employees who have their personal accounts hacked increase the likelihood of successful phishing, malware, and ransomware attacks hitting company networks. Because of this, parts of the U.S. government banned employee access to certain online email services earlier this year. Perhaps other organizations would be well advised to follow suit in the wake of the recent security breaches.
While organizations that store millions of user account credentials for online services are getting better at protecting their data, many still could be falling short. Two-factor authentication should be implemented everywhere, on user accounts as well as administrator accounts. If two-factor authentication is not widely adopted, it will not solve the problem at large.
One of Gates’s suggestions for increasing cybersecurity effectiveness is preventing employees from using company machines and networks for personal business. While he agreed that this can be seen as a potential problem with younger and younger workforces – policing their usage leading to animosity, distrust, and attrition – he proposed a solution that allows companies to protect their machines and networks from personal usage without upsetting the younger generations: “create an environment whereby personal interaction with the Internet can be done at work, without using corporate devices and the corporate network.” He explained that setting up a separate network with different machines specifically labeled for personal usage by employees could help keep both companies and their employees happy and safe.
I had heard a rumor about security experts discussing a possible future in using alternative forms of authentication instead of a password. I asked Gates about what this could mean. “Fingerprints, retinas, facial features, and even DNA are all very unique to each individual,” Gates explained to me. “In addition, researchers have recently discovered that each human’s hair proteins are also very unique. These are the types of things that must be used to authenticate someone; not passwords, tokens, and two-factor codes.
“There are some new developments in attempting to implement a better method of authentication across the board. For example, many laptops today come with fingerprint scanners. Smartphones are now using applications that can identify facial features for authentication using the cameras they come with. Physical security may include retinal scans and even hand scanners. These are things people can’t lose, can’t forget, and most likely can’t be stolen. Personally, I think facial feature authentication is a great step in the right direction. It’s not too overly intrusive and most people would not be afraid of it – like a retinal scan.”
While facial recognition is still in its early infancy, the industry will soon become more proficient in identifying possible biomarkers on someone’s face that are difficult to spoof. The cameras on smartphones nowadays are just as good as, if not better than, many of the stand-alone cameras on the market, so the next step would be to install higher quality cameras on computers that can adjust themselves automatically for different environmental conditions like lighting, makeup, hair, and aging. While other forms of authentication like retinal scanning may seem intrusive, no one seems to mind taking pictures of themselves. However, for now, current two-factor authentication methods would still need to be implemented as a form of backup in case facial recognition fails.
So, it would seem that biometrics are possibly in the not-too-distant future as the new standard of authentication, with facial recognition being the most likely method to be implemented due to society already being pre-conditioned for taking selfies. In the meantime, companies need to make sure that their employees are using two-factor authentication on their company-owned user accounts. Companies would also benefit from separating machines and networks intended for business-related usage from machines and networks used for personal business purposes to help isolate attacks.
By Jonquil McDaniel