Preventing Cyber-attacks: It Takes a Creative Mind to Stop a Devious Mind
Encryption was almost entirely the domain of military organizations eighty years ago. Now it is ingrained in nearly every business transaction that takes place every day, and it often goes unnoticed by users. Will strong encryption, secure key management, and complex passphrases be enough to stop future attacks?
A Chink in the Armor
Smart devices are nearly unavoidable these days. The “smart phone” seems to have been the one that blew the concept of privacy right out of the water. People leave trust of their data in the hands of whatever cell service they use or the social media sites they frequent. It seems that few people take responsibility for their own sensitive data management. Perhaps they do not feel a need, or perhaps they do not consider it sensitive.
That is a dangerous attitude. Consider the webcam and mic. Fifteen years ago you needed to go to an electronics store to purchase a golf-ball-sized orb on a clip to use video chat, or spend upwards of $300 if you wanted to film yourself and your friends skiing. Those devices needed to be plugged in or turned on to work.
Now, nearly every piece of tech has an HD camera, including smart phones, laptops, and gaming devices. Most of those devices are always on by design, and vulnerable to breach. Something sensitive can easily be captured with one of those cameras. It’s worth thinking about, especially considering that today just about every device comes with an in-device camera.
Video game systems and smart speakers can listen to our conversations and respond to verbal cues (and movements). Software can now turn speech into text accurately and reliably. Taking this into account, sensitive data now goes far beyond a credit card or social security number. Everything you say or do in your own home is now, quite possibly, sensitive data.
Rising to Meet Future Threats
The smart phone will soon be among the least of our worries. Smart watches, smart speakers, smart glasses, and other smart appliances are invading our workplaces and homes. The security concerns are very real when you think about it. All it would take is one compromised smart watch to capture a password from a whiteboard.
In fact, it may not even be as sneaky as all that. There’s an interesting article that details some data security slip-ups that happened on live TV. In each instance, there was sensitive data in the shot. These videos were deliberately televised without regard for the background, and savvy viewers picked up on the sensitive data.
Would attackers be inclined to hack the cameras of personal devices? A smart phone that’s in your pocket most of the time might pose little threat, but what about a smart watch? Could an attacker gain access to a Database Administrator’s home appliances? What if they were able to learn of a passphrase, or record business conversations, by hacking an entertainment system? It would be worth the attempt if it meant gaining access.
Surely, you’ve implemented, or at the very least heard of, the following security steps. These are the basic steps you take to prevent a conventional attack.
- Deploy strong encryption wherever possible and adopt a strong key management solution.
- Do not keep passwords written down, especially on whiteboards.
- Use strong passwords; phrases that include dashes or numbers are great.
- Develop and enforce policies regarding security best practices on employees’ personal and home devices.
Finally, let’s make the assumption that attackers are thinking outside of the box. It follows that we too must think creatively to stop data breaches.
Let’s pretend that an attacker has hacked a smart watch or webcam and acquired a password to your database. That attacker has just bypassed most of the security measures you’ve put in place.
To stop an attack at this stage, you need strong multi-factor authentication. If multi-factor authentication (also known as two-factor authentication) is deployed on the breached system, then when the attacker enters the stolen passphrase, instead of gaining access they are asked for another login factor with a message such as, “A text message has been sent to your phone. Please enter the 6-digit PIN to continue.”
Multi-factor authentication can save the day in these circumstances. As more and more digital devices flood the workplace, the need for multiple lines of defense becomes very real.
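The two-step flow described above, sketched as an added example (it is not code from this article or from Assure Security): a correct passphrase only triggers a one-time 6-digit code, and access is granted only when that code is returned before it expires. The class name, the `outbox` list standing in for the text-message gateway, and the expiry and attempt limits are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed: a code is valid for five minutes
MAX_ATTEMPTS = 3    # assumed: wrong guesses allowed before the code is voided

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoStepLogin:
    def __init__(self, clock=time.monotonic):
        self.users = {}     # name -> (salt, password hash)
        self.pending = {}   # name -> [code, expires_at, attempts_left]
        self.outbox = []    # hypothetical stand-in for the text-message gateway
        self.clock = clock

    def enroll(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, hash_password(password, salt))

    def submit_password(self, name, password):
        """Step 1: a correct passphrase only triggers the second factor."""
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return "denied"
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[name] = [code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.outbox.append((name, code))    # goes to the enrolled phone only
        return "code_sent"

    def submit_code(self, name, code):
        """Step 2: grant access only for a fresh, unused, matching code."""
        entry = self.pending.get(name)
        if entry is None:
            return "denied"
        expected, expires_at, attempts_left = entry
        if self.clock() > expires_at:
            del self.pending[name]          # expired codes cannot be replayed
            return "denied"
        if hmac.compare_digest(code.encode(), expected.encode()):
            del self.pending[name]          # single use
            return "granted"
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self.pending[name]          # caps guessing of the 10**6 codes
        return "denied"
```

An attacker holding only the passphrase captured from the whiteboard reaches `code_sent` and stops there, because the code is delivered to a device they do not control.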
Multi-factor authentication is just one component of Assure Security, Syncsort’s comprehensive IBM i security offering. Assure Security enables your organization to comply with cybersecurity regulations and strengthen IBM i security by controlling access to systems and data, enforcing data privacy, monitoring for compliance, and assessing risks.
For more information about the multiple lines of defense against cyber-attacks, read Syncsort’s white paper: The Essential Layers of IBM i Security