Deloitte: How to fight back against cybercrime


Cybercrime has gone professional with cyber-attacks on everything from sensitive government data to corporations’ intellectual property.

That is why the old image of the thrill-seeking hacker breaking into protected systems for fun seems almost quaint today.

Deloitte Global, an international network of business management consultants, has presented ways in which organisations can effectively fight back and implement measures to manage cyber risk, drawing on new technologies to make themselves stronger.

According to Deloitte, technological advances are giving organisations the opportunity to move beyond passwords and organisations should strongly consider taking that opportunity, especially as cyber-threats expand.

Given the poor user experience, rising costs, and security weaknesses of password mechanisms, companies should migrate to new digital authentication systems that tighten protection and improve user experience.

These new technologies, which include non-password-based authentication such as biometrics, user analytics and Internet of Things (IoT) applications, offer companies the opportunity to design a fresh paradigm based on bilateral trust and improved system security. Their successful implementation can help accelerate the business and also differentiate it in the marketplace.

Deloitte explains that transitioning from legacy password security to new systems is never easy for companies, but by following a risk-based approach they can create a well-considered road map for the transition, focusing investment and implementation on the highest-priority business operations. Beginning with a pilot to test selected options, companies can then expand successful solutions to where they are needed most.

This risk-based approach is necessary because even biometric technologies are not fail-safe, Deloitte explains. Many biometrics are difficult to spoof but are not spoof-proof. Fingerprints, for instance, can be faked using modeling clay. System designers can address these potential vulnerabilities by implementing certain techniques, but these techniques are not ready to be fully implemented.

Moving beyond passwords may sound daunting, requiring major IT upgrades as well as changes to internal knowledge management and other business processes.

President Muhammadu Buhari, seated, undergoing the biometric capture by officials of the National Identity Management Commission (NIMC) in Abuja

Deloitte, however, presents the following incremental steps organisations can take toward a smooth transition from password mechanisms to new digital authentication that will better protect them from cyber-attacks:

Prioritise: Organisations can assess strategic business priorities against the threat landscape and identify weaknesses in authentication systems for key business operations ranked by importance.

Investigate: Organisations can then examine possible solutions for stronger authentication, evaluating advantages and disadvantages in protecting against top threats and the ability to provide a practical, cost-effective, and scalable answer for the specific work environment.

Standards-based authentication software solutions help to avoid the costs of new infrastructure and also to lay the groundwork for integration of next-generation solutions.

Test drive: After choosing a promising solution(s), organisations can conduct a pilot in one or a few high-priority business operations. In these trials, collect data and feedback on users’ experience, asking questions such as: Are users able to adopt the solutions easily and intuitively? Has easier online access made their work more efficient? Is online access then being used correctly more often in a way that provides greater security?

Do users raise privacy or other concerns about any biometrics or adaptive, dynamic solutions based on their behavioral norms? From the online administrator’s perspective, how does the cost of maintaining the new system compare with that of the old password system?

Expand: Organisations can also harness lessons from the pilot and apply the solution to a wider swath of key operations in phases based on prioritisation.

Revamp and educate: Finally, organisations can update access policies. Replace policies on password security with risk-based policies for authentication based on the sensitivity of information requested. Teach users how the new system works, focusing on its advantages over the old technology.

Elizabeth Edozie Technology Journalist @Technology Times 08077671659 elizabeth.edozie@technologytimes.ng
