Are we there yet? 2021: Out with the password and in with intelligent security
Alison Coleman, Senior consultant for Ireland and UK firm, The Security Consultancy and Pan European firm, Security Knights, spoke again this week about the importance of moving away from passwords;
"The average person has well over a hundred different online accounts or logins. It's difficult for people to keep track of these. In our experience the overwhelming majority of security incidents, including breaches can be attributed to an archaic over reliance on passwords in people's security journey. We should expect more from security than our ability to remember something different, complex and non sequential for each of the hundred or so accounts we all have to remember. We've had passwords for centuries. We think their time is up and it's time for security to be brought up to date and into this century. More than nine in ten breaches are down to passwords. Many of our clients are making 2021 their year to upgrade."
Later in the same week, Microsoft announced at its annual Ignite conference that business customers will soon be able to use biometrics with their Azure Active Directory cloud authentication. Microsoft acknowledge that passwords are a huge and unnecessary risk for organisations and will be encouraging organisations to have users sign into their accounts using facial recognition software like Windows Hello for Business, fingerprint scanners, the Microsoft Authenticator app, or a FIDO 2 (fast identity online) option such as a physical USB key. We think this is excellent news and look forward to the significant reduction in weekly breach reports.
In the news this week.
February 25 - Irish Data Protection Commission (DPC) published their Annual report for 2020 with reprimands and temporary prohibitions on data processing issued against both Waterford and Kerry Councils, reprimands issued to the Child Protection Agency and to Ryan Air.
The DPC fines included four separate fines of €75k, €40k, €50k and €35k against the Child and Family Agency, €65k against the Health Executive, €75k against University College Dublin, & a €450k against Twitter. Nearly 90% of breaches involved unauthorised disclosures with a rise of nearly 400 reported breaches on 2019, at over 6,500 across 2019.
March 2 - North Carolina US, Law enforcement are investigating a ransomware attack that led to a significant outage at medical firm, Allergy Partners. It's not clear as yet whether the $1.75m ransom was in fact paid. The clinic posted a message apologies for the outage, explaining it was due to a cyber attack.
March 4 - Industry report from Chinese internet security firm Qihoo 360. The report alleges 40 high-level overseas hacker groups, including several with suggested associations with Western Intelligence agencies, including the US Central Intelligence Agency, have been targeting Chinese business and public sector.
Qihoo 360, whose founder, Zhou Hongyi, is a leading member of the National Committee of the Chinese People's Political Consultative Conference alleged that China had suffered more than 2,700 advanced cyber attacks since 2019.
March 6 - Brazilian analysis on February's breach of 3.2bn passwords from February established that over 10m Brazilian Internet users passwords were affected, including nearly 70,000 belonging to Government agencies including the National Congress and the Supreme Court.
March 7 - Change up in US Cyber Policy as President Joe Biden announces first summit with Chinese neighbours, Australia, India and Japan in an effort to counter Chinese influence in the Into-Pacific region.