2016 / 1 February

Cybercrime: Handing Keys To The Criminals?


Here’s a fact: the bad guys know who you are and they know how to open the doors to even your most sensitive secrets.

Spoiler Alert! A key part of the solution is replacing vulnerable passwords, PINs, etc. with biometrics but more on that in a moment.

The widespread use of social media means that virtually everyone has some public presence online. If you use Facebook, LinkedIn, Twitter, Instagram, Pinterest or any of the other hundreds of social media outlets, then this means you! The problem is that virtually everything about your online identity is protected by something you know. A username, a password, an email address, the name of your first girlfriend or boyfriend – you get the idea.

And if you know something, so can the criminals with enough perseverance and a little trickery.

In seconds, your bank accounts, personal e-mail, Facebook, and more are all laid bare while you remain blissfully unaware. Well, at least unaware until the damage is done.

Here’s another sobering truth: According to a recent report, cybercrime cost the global economy more than $400B in 2014. If you find that figure astonishing, the report by security software-maker McAfee and the Washington think tank Center for Strategic and International Studies calls it a “conservative” estimate. The upper end of the range is $575 billion. Losses connected to personal information, such as stolen credit card data, were put at up to $150 billion. That means cyber criminals are targeting far more than just your financial data. They are going after medical data, employee information, insurance, corporate secrets and much more. They are also using more and more sophisticated methods of obtaining this data — it’s an arms race!

The numbers show a harsh reality: cyber crime incidents have increased nearly 7-fold since 2006 and show no signs of abating. Nearly two-thirds of all U.S. firms have reported that they have been a victim of a cyber attack.

The recent high-profile cyber attack on Sony Pictures illustrates just how poorly prepared even large corporations are to adequately protect their most valued secrets. Included in Sony’s stolen data were information on unreleased films, executives’ salaries, private e-mails, and even passwords. Passwords?! Surely, only morons would keep sensitive passwords in a document stored on their network? If you’re a business owner of a company with more than a handful of employees and think that scenario is unique to Sony, go take a long look in the mirror.

The security of data stored on your network is only as strong as its weakest link, and for most firms that is the user’s username and password.

Let’s face it; the endless list of usernames and passwords we all need to remember has simply become a pain. It’s one of the reasons people resort to writing them down, sticking them on a post-it note under their keyboard, or adding them to an electronic note pad.

The more tech-savvy folks out there, myself included, might make use of one of the many excellent password managers on the market. A good password manager makes safely storing — insert extreme skepticism — and remembering passwords a breeze. Let’s think about this for a moment. All your most sensitive information is protected by a single “master password” and probably stored in some nameless cloud so you can keep all your devices synced. What happens if your master password is compromised? How do you know if your data is safe in someone else’s cloud? Are password manager services that aggregate passwords for thousands of customers, in fact, making themselves a bigger target for criminals? Suddenly things don’t sound so safe and secure.

The issue is that our current model of protecting sensitive information is fundamentally flawed. A username and a password – what you know – is a critically weak link in the chain.

Finis Conner, the co-founder of Seagate and founder of Conner Peripherals, distills user authentication down to three fundamental pieces of information:

  • What you know? Usernames, passwords, PIN codes, etc.
  • What you have? Hardware or software token generators such as RSA, Google Authenticator, etc.
  • And who you are? Biometrics.

Technology has progressed to the point where it’s now practical to eliminate the use of usernames, passwords and PIN codes or, at the very least, minimize their use.

We finally have the technology to move away from “what you know” as the key to opening the door.

Biometrics are increasingly being integrated into mobile phones, including fingerprint scanners, facial, voice, signature, and other types of biometrics. What’s needed is a safer and more secure solution for storing your sensitive information that keeps it firmly in your control. Smart cards offer the perfect platform to integrate the needed storage, processor, hardware-based encryption, wireless communication, and operating system to securely store sensitive data. Essentially, it is a fully functioning computer that fits into a smart card and can stay safely tucked in your wallet. So, why don’t we just put everything onto our smartphone? That’s the subject of another post I entitled 1 Device to Rule Them All, Should You Be Worried? — go check it out.

BluStor, a technology startup founded by Finis Conner, has recently introduced just such a product. CyberGate is an open platform, being developed as an adaptable solution that meets immediate cyber security needs as well as those of the future. BluStor packs a huge amount of technology into the innards of a typically sized credit card:

  • A high-performance processor
  • Hardware encryption
  • Support for multi-factor biometrics
  • Large amounts of flash memory
  • Large capacity rechargeable battery
  • Secure Bluetooth/NFC wireless interface

CyberGate enables multi-factor biometric authentication combined with a tremendous amount of secured storage for your most sensitive information. And because it can readily integrate with mobile phones, laptops, desktops, existing smart card readers, and virtually any device that supports Bluetooth or NFC, adoption is easy and painless. Companies do not need to replace their existing infrastructure, point-of-sale systems, or other hardware.

In terms of the integration of so many capabilities into a single smart card platform and being positioned as an open solution, it’s a first for the industry that I believe holds tremendous promise.

If you valued this article and want more, please hit the ‘like’ button and also share via your Twitter, LinkedIn, Google+ and Facebook social media platforms. I encourage you to join the conversation or ask questions so feel free to add a comment on this post.

You can also find me on Twitter at @NewFrontierCIO for more commentary on the frontiers of technology, leadership, space exploration, and science.

