Better safe than sorry

by david.nunes
Issue: Asia-Pacific I 2014
Article no.: 10
Topic: Better safe than sorry
Author: T. Kendall “Ken” Hunt
Title: Chairman & CEO
Organisation: VASCO

About author

T. Kendall “Ken” Hunt is founder, Chairman of the Board and Chief Executive Officer of VASCO Data Security International, Inc. Mr. Hunt has served as Chairman of the Board since the Company’s incorporation in 1997. He was our Chief Executive Officer from 1997 through 1999 and returned as CEO in November 2002. Mr. Hunt is Chairman of the Midwest Council of TechAmerica (formerly The AeA), former President of the Belgian Business Club of Chicago, and a member of The Economic Club of Chicago. Additionally, he is on the Advisory Board for the Posse Foundation.
T. Kendall “Ken” Hunt holds an MBA from Pepperdine University, Malibu, California, and a BBA from the University of Miami, Florida, where he attended on a full football scholarship.

Article abstract

While banking is now protected by various security methods, widespread cyber-crime must now be tackled by both enterprises and consumers. Passwords are easily guessed, insufficiently encrypted and easily found when stored online, unprotected. Identity theft results in costs and effort. Leaked corporate data results in loss of business confidence. Competitors gaining access to confidential business data can bring companies to the brink of ruin. Authentication can be strengthened by techniques such as one-time passwords and two-factor authentication, which require no password storage and no memorising of passwords.

Full Article

Online fraud schemes and successful hacking attacks have become commonplace. Every day, new fraud attempts come to light and it is clear that security still leaves a lot to be desired. Banks and financial institutions worldwide – such as the Japanese bank Sumitomo Mitsui Banking Corporation, one of the largest global banks – have already acknowledged the dangers and deployed ample security mechanisms in order to secure their customers’ accounts and prevent cybercrime. Now, as security awareness is rising due to heavily publicised hacking attacks, many social media sites, e-commerce shops and enterprises are likely to follow suit.
More often than not, security is perceived as an expense. However, data theft comes at even higher cost. Adequate security measures and mechanisms are much more than a mere expense. Security can prevent companies from losing face, revenue, customers, credibility and legal battles. All too often this proves to be a hard learned lesson and companies lick their wounds after reported data breaches.
The data leaks that have hit the headlines are avoidable and are down to a string of lax security concepts: personal customer data, such as the passwords, continue to be saved with insufficient encryption, if any. Many customer and employee access methods continue to be protected by obsolete systems. Companies continue trying to increase security levels on the basis of questionable recommendations.

None of your business?
In spite of all kinds of cyber-attacks mentioned in the media, the average Internet user still believes that those attacks will not happen to him or her. However, nothing is further from the truth. In Singapore, for example, 72 percent of adults online have been a victim of cybercrime in their lifetime. Consequently, the following scenario is far from unfounded:
The perfect holiday in the sun… for a stranger:
John regularly books a holiday, city trip or weekend away online. His favourite booking site allows him to store all his personal details very conveniently, so that he can book that perfect hideaway with just a few clicks. On a sunny Monday morning, he checked his credit card details. He had been charged an astronomical amount for a 2-night stay in a charming hotel in Paris, and he never even visited the city!
What happened? A fraudster was able to retrieve his citytrip.com password 3 weeks before. Thanks to the name of his dog, the hacker was able to change some of his personal details and book a weekend in Paris. By substituting his email address with a bogus one, the confirmation and reservation details never reached John. His card was charged as he – very conveniently – stored his credit card details online.
The aftermath? John’s sunny Monday morning was completely ruined. He contacted the booking agency, which in turn contacted the hotel. They had accepted the printed reservation in John’s name. The room was already prepaid with his credit card. He then contacted his credit card company. They started an investigation to see whether he could recover the lost amount. In the meantime his account had been blocked, he applied for a new credit card, and he went to the police to file a complaint. He immediately lost trust in the online booking site and vowed never to use it again.
This little story is far from sci-fi; in fact this kind of swindle happens every day. All too often, fraudsters do not have to take great pains to succeed in their heinous plan. One of the difficulties is the number of accounts the Internet user has to take care of: social networks, online e-mail, shopping or gaming accounts, local sports club, etc. All applications require a password. Internet users tend either to select one very difficult password to secure all their accounts, or to choose various passwords that are easy to remember. Names of children, loved ones or pets, dates of birth and plain keyboard combinations such as 123456 are commonplace. Even the word ‘passwords’ is very popular.
It may sound convenient to limit the number of passwords and to keep them simple to remember, but it is self-evident that this is not in the least secure. Troubles like those described in the little scenario may suddenly be not far away.

More than money
It is not only money that hackers are looking for. Confidential information, intellectual property or a smaller supplier’s database that can be used as a stepping stone to reach a larger company’s information are desired targets. Here is another story that might be drawn from real life:
In-the-cloud CRM causes stormy weather for ambitious SMB:
Mr. Smith ran a thriving small business in a very competitive sector. He was able to grow his business from scratch to an annual turnover of £15 million in only three years. The secret of his success: flexibility, good customer service and sharp prices. His growth did not go unnoticed by the market leader in the sector, who lost deal after deal to Mr. Smith. Suddenly, Mr. Smith’s business success declined. The larger competitor was able to regain market share by focusing on Smith’s customer base, offering lower-than-market prices. It puzzled Mr. Smith that his competitor knew his customers and how much he charged them.
What happened? The answer was simple: industrial espionage! His competitor was able to hack Mr. Smith’s in-the-cloud Customer Relationship Management (CRM) system. This account was only secured with a static username & password combination, giving the hacker easy access to Mr. Smith’s crucial customer data.
The aftermath: Mr. Smith’s successful little company went bankrupt and he lost everything. The market leading company gobbled up Smith’s customer base. The ageing Mr. Smith now works for his erstwhile competitor… as a janitor. The company’s CEO always smiles when he sees Smith closing the main gate at night.
Nowadays, fraudsters consider SMEs (Small to Medium Enterprises) attractive victims, as they tend to be less careful in their cyber defences. An increasing number of SMEs are experiencing losses because of cybercrime. A survey carried out by Guardian Analytics shows that the nearly 1,000 SME owners and executives questioned thought that fraud is widespread. Two of every three attempted fraud attacks end in a significant loss of money, but the more destructive outcome is the reputational damage caused by a hack, a cost that cannot be quantified.
Even though SMEs face the same threatening landscape as banks and large companies, they often lack the means or knowledge to invest in the necessary measures to protect their business-critical data. Unfortunately, implementing security is seen as buying insurance all too often: SMEs pay for it because it is cheaper than the possible disaster. Instead, they ought to see these problems as a challenge and position security – and in particular strong authentication – as a competitive advantage tool and business enabler.

Strong authentication as a business enabler
The two fictitious scenarios that we have presented manifestly show that a better security system is becoming indispensable for various parties, not only in e-commerce and SMEs, but also in education, healthcare, government and many more sectors. If security measures are not tightened, customers may lose their confidence in the party they do business with, which may have some serious implications.
If a company can guarantee that only the correct people can gain access to particular applications or business-critical data, it will be in its customers’ good books. A step towards that is implementing a two-factor authentication solution in the cloud, which means that access is protected with one-time passwords (OTPs), offering more security and convenience. The ease of use and effectiveness of OTPs can hardly be denied. One-time passwords are generated by a hardware or software authentication device, or by an authentication application that can be downloaded to your smartphone.
First, an always-changing password is definitely more secure than a static password: it can only be used once, so it is useless for hackers to intercept it. Second, OTPs relieve users of the discomfort of having too many passwords, so they keep the balance between security and convenience. A third advantage is that help desk costs go down drastically. The lion’s share of help desk calls relates to forgotten passwords; these vanish when OTPs are used, and with them the related help desk administration time and costs.
The cloud two-factor authentication solution can contribute to boosting your business, by improving security, enhancing convenience and increasing customer confidence. This contributes to the customer’s pleasant online experience, thus strengthening customer relationships. In short, strong authentication provides a ‘better safe than sorry’ feeling. It prevents damaged reputation and guarantees strong customer trust.