The comment comes from Geoff Webb, senior director, solution strategy at NetIQ, the security portfolio of Microfocus. Geoff is an IT security and password expert, while NetIQ provides software for identity and access management, so he is very well-placed to comment here.
“This isn’t an attack that relied on a technical weakness in a set of systems – there wasn’t some unpatched bug, or a weakness in the network. Rather this is entirely more sobering and frankly more worrying, because this was a failure in the very way we all prove who we are online. This was a failure in the process we use everywhere and every day to connect, and authenticate, to online services.
“As breach after breach has revealed more and more information about consumers, not just in the US, but globally, so attackers have been able to build up increasingly sophisticated pictures of our personal lives and information. In this case, this has allowed them to successfully impersonate private individuals as they connected to one of the most secure government service sites online.
“We’ve been saying this for a long time – that we need to move beyond simple passwords and “personal questions” to verify who a person is, simply because too much of that information is now available to everyone. This hack is a clear example of what will happen if we don’t evolve quickly to improve how we authenticate – using more factors such as behavioural, biometric, and physical tokens.
“It’s time – and the attackers know it.”
By Geoff Webb, senior director, solution strategy, NetIQ
BIO : Geoff Webb has over 20 years of experience in the tech industry and is the Director of Solution Strategy at NetIQ. He is responsible for the NetIQ Information Security, Identity and Access and IT Operations Management solutions.Webb joins NetIQ from Credant Technologies, where he led marketing around their data protection and encryption management solutions. Previously, Webb also served as a senior manager of Product Marketing at NetIQ, and held other management positions at FutureSoft, SurfControl and JSB.Webb often provides commentary on security and compliance trends, and has written on a number of related topics for such journals and websites as: USA Today, CIO Update, Healthcare IT News, The Tech Herald, Compliance Authority, Virtual Strategy Magazine, TechBlind,Internetnews.com, e-Finance & Payments, Law & Policy, Dark Reading, BankInfoSecurity.com, Payment News, Wired and InfoSecurity.com, among others. He holds a combined bachelor of science degree in computer science and prehistoric archaeology from the University of Liverpool.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.