Following a number of high profile security breaches (such as OPM and IRS), US federal agencies have been scrambling to patch their cybersecurity systems after Federal CIO Tony Scott announced a ’30-day cybersecurity sprint’. This has encouraged agencies to ditch outdated, vulnerable security methods such as passwords for enhanced security techniques like two-factor authentication (strong authentication).
The sprint has undoubtedly boosted US Government cybersecurity :
- Federal civilian agencies have increased their use of strong authentication for privileged and unprivileged users from 42 percent to 72 percent– but what about the remaining 28%?
- Specifically, federal civilian agencies increased their use of strong authentication for privileged users from 33 percent to nearly 75 percent – but what about a quarter of users without?
Richard Parris, CEO of cybersecurity firm Intercede, commented on a company helping to protect some of the saviour US federal agencies in the face of more sophisticated attacks.
Richard Parris, CEO of Cybersecurity Firm Intercede :
“The 30-day sprint is undoubtedly a step in the right direction, but the results show that trying to patch up federal cyber security vulnerabilities in 30 days is like trying to heal a bullet wound with a band aid. While the fundamentals of America’s cybersecurity infrastructure are in place, there is still a long way to go before federal agencies are effectively protected against cyber-criminals.
“There is no quick fix, but the first step must be to stamp out reliance on outdated security safeguards. As long as the federal Government continues to rely on easy-to-crack, often forgotten passwords to secure its data, the back door, front door and all the windows to the Government’s data house remain ajar to hackers, foreign governments and other malicious actors. Starting at the weakest point – access – and replacing passwords with strong authentication will help the U.S Government make strides towards reducing the risks to federal data in a shorter period of time. A nation that prides itself on technological innovation must leave the tired and dusty security protocols of yesterday behind and move towards a more comprehensive system that truly protects privacy and secures the information of its citizens.”[su_box title=”About Intercede” style=”noise” box_color=”#336588″]
Intercede is a software and service company specialising in identity, credential management and secure mobility. Its solutions create a foundation of trust between connected people, devices and apps and combine expertise with innovation to provide world-class cybersecurity.Intercede has been delivering solutions to high profile customers, from the US and UK governments to some of the world’s largest corporations, telecommunications providers and information technology firms, for over 20 years. Intercede’s MyID software is an identity and credential management system that enables organisations to create and assign trusted digital identities to employees, citizens and machines and in turn allows secure access to services, facilities, information and networks. MyID adheres to international standards, while remaining simple enough to be deployed onto consumer devices such as smartphones, tablets and other devices in the Internet of Things.In 2015 Intercede launched MyTAM; enabling trusted applications to be loaded into a mobile device’s Trusted Execution Environment (TEE), providing hardware-level security for Android apps. The cloud-based service provides a cost-effective and convenient way for developers and corporations to protect their apps and users’ sensitive data.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.