CIO Review >> Magazine >> March - 2014 issue

Today's Cyber Security Arms Race has Evolved into a Battle

By

Friday, February 28, 2014

Bill Conner Dallas based Entrust Inc. is a provider of identity-based security software and services in the areas of public key infrastructure (PKI), multifactor authentication, Secure Socket Layer certificates, fraud detection, digital certificates and mobile authentication

Malicious programs or malwares are increasing at an unstoppable rate. Today, it is easier than ever for cyber criminals to unleash sophisticated malware across the internet, resulting in damage and losses in millions of dollars. In some cases, cyber criminals are even able to access 24/7 call center support when they have trouble with the malware they purchase. When dealing with a landscape such as this, where the bad guys have more day-to-day help than the good guys, what we create is an asymmetric landscape where criminals can easily breach today's standard security defenses. At the same time cyber criminals are waging an increasingly sophisticated war on digital identities – which can be devices, people or even applications. The volume of digital identities and the number of relationships associated with each identity is increasing at an exponential rate. This means that there are a growing number of targets to attack.

Recent high-profile attacks against identities on some of the most popular social networks –including Twitter – have spotlighted that it is increasingly imperative to move beyond single sign-on and hardware-based second factor authentication. It is simple. Given today’s threat landscape, we absolutely, positively cannot continue to rely on username and password combinations to ensure security. Further, while strong encryption is the topic of much debate right now, an aspect of the conversation that seems to be missing is the need to bind strong identities to cryptographic functions. If an identity is compromised, encryption alone provides no greater security than when encryption is not applied at all. In coming years, I see more-and-more businesses and governments adopting security software platforms that address multiple domains including cloud, mobile, physical and logical. The flexibility and easy management of this type of platform is prerequisite in times of tremendous change, and I am optimistic that more and more organizations seem to understand that adopting this type of security platform is a table stakes decision.

Entrepreneurs Need To Make the Best Use of Limited Resources

Making the best use of limited resources is true even when it comes to security. Unfortunately, in many cases entrepreneurs treat security as a problem that they can fix one and then forget it. This is incredibly dangerous and short sighted. The reality, however, is that today’s digital security landscape is changing by the week, by the day and in some cases by the hour. What we are dealing is an asymmetric arms race that requires everyone – even entrepreneurs to demonstrate diligence in thwarting cyber-attacks. It also means entrepreneurs will need to leverage next generation cyber security capabilities such as software platforms that have extensive capabilities to address a range of needs in a flexible manner, including mobile and federation. Additionally, today’s entrepreneurs need to face the challenges and opportunities presented by mobile technology. Mobile is a force of great change in technology which should be embraced in a manner that first secures devices and then allows these devices to be leveraged for greater security and improved user experience. We are already seeing larger enterprises embrace mobile in this way. When entrepreneurs also begin leveraging mobile devices to enhance security, I believe they will also see improvements in efficiency and productivity and whilst also enjoying a platform that can be used for a wide array of value added services.

(As told to Thomson Anthony)