SecurityInfoWatch.com on the Password Gap and Addressing Security Concerns with Alternative Identity Verification Technologies
Hikvision Provides Examples of ‘Defense In Depth,’ Ways Protect Passwords From Being Hacked
In the SecurityInfoWatch.com article, “Cybersecurity and the Post-Password Internet,” the author discusses the short shelf life of passwords and outlines several technologies that bridge the gap, reducing hacking risks and security concerns.
“Since the invention of the Internet, passwords have been a staple of identity verification. Historically, passwords were intended to serve as the first line of defense in protecting one's sensitive information stored on the web. However, with the rapid pace of technology expansion and innovation, sophisticated cybercriminals have identified ways to surpass password protection. In fact, the frequency and sophistication of cyberattacks continue to accelerate. And with that acceleration comes the realization that many data breach instances are caused by poor password management—opening myriad new threats such as spear phishing, ransomware and even breaches of third-party services,” according to the article.
Using Uber’s 2017 security breach as an example, the author referenced the phishing attacks used in the breach, which posed as emails from Uber in an attempt to get customers to disclose sensitive payment information.
And, with more than eight million IoT devices hosting a larger breadth of data, security has become more complex with passwords functioning as just one line of defense against cyberattacks.
In the article, the author references a few technologies that offer alternative ways to authenticate identities:
- Biometrics: Verifies identity based on biological characteristics such as fingerprints and is being used extensively in financial services for payment options.
- Blockchain and Digital Identification: While lacking in cybersecurity strength, per the article, blockchain offers potential as a new authentication method. Once someone’s digital identity is verified in the blockchain ledger, they can use a digital key to verify their identity going forward.
- Digital Behavior Tracking: Some organizations are using tools that track employee’s digital behavior to determine when an unauthorized hacker is attempting to access information. “Every user’s behavior profile identifies activities such as how someone holds the phone, whether they type with one or two hands, and how they scroll between screens; this data is then collected and, when coupled with advanced analytics, artificial intelligence (AI) and machine learning, can be used to identify individuals attempting unauthorized access,” according to the article.
Read more from the article at this link.
Hikvision On ‘Defense In Depth’
In the blog, “Hikvision Cybersecurity Director Offers Tips to Reduce Cyberattacks and Security Concerns in Network Security, User Security and System Administration,” Hikvision’s cybersecurity director provides examples of "defense in depth" and ways to protect passwords and IoT devices from being hacked.
From the article: “Defense in depth is an approach to manage risk using diverse defensive strategies. It’s based on the idea that multiple layers of defense will provide additional protection against a potential cyberattack. This includes network segmentation, which simply stated means splitting a network into separate networks that are isolated, not connected, and compromising one won’t compromise the others. For example, finance, human resources and security should each have dedicated networks.”
The article also offers tips for user security, network security, and system administration. Click here to read the whole article.
Visit this link for more cybersecurity blogs from Hikvision.