IT and security professionals are already well aware of the consequences of not having a firewall or anti-virus software as part of their infrastructure. And similarly, businesses have now matured to a point where they understand the risks that they are exposing to their business if they are only authenticating users with a password. Concurrently, consumers are becoming accustomed to using two factor and multi-factor authentication on Facebook, online banking, web mail, online gaming, etc., and prefer services that have these steps in place to secure their online accounts. This adds pressure on organizations as they cannot ignore this demand for security in the market.
Whitelisting vs blacklisting
In the authentication space, I expect to see a change very similar to the change we saw regarding firewalls. In the beginning of the firewall era, we closed ports as we saw “bad guys” entering through them. At some point organizations got so tired of closing ports that they decided on a change of strategy. So, instead they closed all doors and began to open only the doors that we wanted the “good guys” to use. Today, firewall security is even more advanced; we can e.g. put a guard at the door to check the pockets of everyone we let in. That is the fundamental difference between blacklisting and whitelisting.
Contextual authentication continues to grow in popularity
The same will come in the authentication space. For instance, instead of providing access to everyone to any system from any network, we will begin to restrict which users will have access to which system and from where. As an example, in many organizations you could determine that certain groups of users only needs remote access to Citrix from within their own country, and maybe others only needs remote access from a specific list of countries. I recommend, then, that organizations begin to think about how they can map needed access to systems and data.
Consumers increasingly will want to use mobile devices to access services in the same way they already share data with third parties to access mobile banking, gaming and social apps. This trend will continue to catch on in the market as businesses are increasingly looking for intelligent security solutions that take advantage of contextual factors including GEO-location, time of login, network IP, and system being accessed to determine the level of authentication needed.
Minimize risk and accept threat
This will become a mantra for IT and security professionals in 2016. The need for- and access to- information will become even more diverse. One group of employees might need access to certain systems and applications but only under certain conditions. And the rules are changing much more rapidly. Context will play a larger role in the login process as it allows organizations to minimize risk by segmenting their data.
As the threat increases, cyber insurances will grow in popularity
Companies will look to minimize the impact to their business in case of a cyberattack like they would in case of a fire to their building. Many insurance companies have realized this market potential and are quickly expanding their services to meet this market demand.
Ransomware becoming much more effective
All it takes is a click on a link and your business crumbles. These emails have evolved from poorly translated spam emails to well written, professionally formatted emails in the tone of voice of the brand. A common method for distributing ransomware emails is for the hacker to breach a company via stolen or weak credentials and then impersonate as a valid user to spread the virus more effectively. Again stressing the need for strong user authentication.
[su_box title=”About David Hald” style=”noise” box_color=”#336588″]David Hald is a founding member of SMS PASSCODE, where he acts as a liaison and a promoter of the award-winning SMS PASSCODE multi-factor authentication solutions. Prior to founding SMS PASSCODE, he was a co-founder and CEO of Conecto, a leading consulting company within the area of mobile- and security solutions with special emphasis on Citrix, Blackberry and other advanced mobile solutions. In Conecto David has worked with strategic and tactic implementation in many large IT-projects. David has also been CTO in companies funded by Teknologisk Innovation and Vækstfonden. Prior to founding Conecto, he has worked as a software developer and project manager, and has headed up his own software consulting company. David has a technical background from the Computer Science Institute of Copenhagen University (DIKU).[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.