Cybersecurity

2014: The year of security breach awareness

Published 5 January 2015

2014 will be seen as the “Year of the Breach,” or at the least, the “Year of Raised Awareness of Breaches,” according to observers of IT security trends over the course of the year.

Keith Graham, CTO of SecureAuth, writes in Government Technology that the year has seen an unprecedented exposure to issues surrounding the lack of IT security in both the private and public sectors.

“You didn’t have to look too hard in the media throughout the year to see that we’re still learning that no matter how good an organization’s security strategy is, or how strong its preventative measures are, attackers will always find a way into a victim’s networks,” he writes.

The problems with this, according to Graham, are two-fold.

First, the legal repercussions for hackers are small, and usually non-existent, but the cost in damage to the victims of hacking can be huge. A survey by the Ponemon Institute revealed that in 2014, the average cost of a cyber attack was $20.8 million for a company in the financial services sector, and $8.6 million for a retail store — costs which ultimately affect the public at large.

Second, recent Apple iCloud attacks and the much-publicized leak of celebrities’ personal photographs in 2014 have revealed that the traditional password model of security on user devices is still lacking. Even two-factor authentication saw an array of breaches, indicating that cyber criminals were advancing along with the technology itself.

“We even saw a well-orchestrated attack where attackers were able to bypass two-factor authentication — arguably the most significant and well-publicized attack against two-factor since…2011,” Graham adds. He points out that the attacks continued throughout 2014, affecting so many victims that the breaches were hardly shocking or newsworthy anymore.

The solution, Graham says, is to throw out traditional models of security and be creative.

He is particularly intrigued by “behavioral analytics” and how it could create a new type of password: “The one I’m keeping my eye on is continuous authentication through behavioral analytics. Each of us has a unique pattern in how we use the keyboard, mouse, and touch screens; we can monitor those behaviors to establish a baseline ‘fingerprint’ for each user, and then continually measure that behavior to see if it changes.”
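The baseline-then-measure loop described in that quote can be shown with keystroke timing alone. This is an added example, not code from the article or from SecureAuth; the choice of digraph latencies scored by a windowed z-score is an assumption, and all names and timing values are constructed.

```python
from collections import defaultdict, deque
from statistics import mean, stdev

def keystrokes(text, gaps_ms):
    """Constructed input helper: (key, press_time_ms) pairs for typed text."""
    t, out = 0, []
    for ch, gap in zip(text, [0] + gaps_ms):
        t += gap
        out.append((ch, t))
    return out

def build_baseline(sessions, min_samples=3, sigma_floor=5.0):
    """Per-digraph (mean, std) of key-to-key latency from enrollment sessions."""
    samples = defaultdict(list)
    for ev in sessions:
        for (k1, t1), (k2, t2) in zip(ev, ev[1:]):
            samples[(k1, k2)].append(t2 - t1)
    # Floor the std so a very consistent typist does not yield huge z-scores.
    return {dg: (mean(v), max(stdev(v), sigma_floor))
            for dg, v in samples.items() if len(v) >= min_samples}

class ContinuousAuth:
    """Scores each keystroke against the baseline over a sliding window."""
    def __init__(self, baseline, window=5, threshold=3.0):
        self.baseline, self.threshold = baseline, threshold
        self.scores, self.prev = deque(maxlen=window), None

    def observe(self, key, t_ms):
        """Return False once the windowed mean |z-score| exceeds the threshold."""
        if self.prev and (self.prev[0], key) in self.baseline:
            mu, sigma = self.baseline[(self.prev[0], key)]
            self.scores.append(abs((t_ms - self.prev[1]) - mu) / sigma)
        self.prev = (key, t_ms)
        if len(self.scores) < self.scores.maxlen:
            return True  # not enough evidence yet; do not challenge
        return mean(self.scores) <= self.threshold

def decisions(baseline, events):
    """Per-keystroke accept/challenge decisions for one typing session."""
    auth = ContinuousAuth(baseline)
    return [auth.observe(k, t) for k, t in events]

# Constructed timing data (ms between key presses), not measurements.
ENROLL = [keystrokes("password", g) for g in (
    [110, 95, 140, 120, 100, 130, 90], [115, 90, 150, 125, 105, 125, 95],
    [105, 100, 145, 115, 95, 135, 85], [112, 97, 138, 122, 102, 128, 92])]
GENUINE = keystrokes("password", [108, 96, 142, 118, 101, 131, 91])
IMPOSTOR = keystrokes("password", [200, 60, 260, 210, 40, 250, 180])
```

A `False` decision would normally trigger step-up authentication rather than an immediate lockout, since a single user's timing also drifts with fatigue, injury or a different keyboard.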

Further, biometrics, such as authentication via fingerprint or eye scans, is finally being incorporated into commercial smartphone technology.

Graham says, however, that businesses and users alike will probably continue to play cat and mouse with hackers for years to come until these authentication methods can become more of the norm.

“We need to thwart them at every turn, not just at the perimeter – without bringing business to a halt in the process,” he said.