The securing of IT systems has never been straightforward, but the increasingly sophisticated nature of the cyber threats that stalk IT systems today is putting even greater pressure on organisations to lock down systems and sensitive data. A major question is how long it will be before the de facto standard authentication technology — the password — has reached its sell-by date.

The nature of hacking has changed significantly in recent times. Today hacking and other computer threats are operated with criminal intent to make money rather than being an ego trip or profile-raising exercise.

These developments are tightly coupled with criminals exploiting strong social engineering elements, from a user trading a password for a bar of chocolate in a railway station survey, up to sophisticated targeting of individuals.

Password vulnerable

The vast majority of users still log on to their PCs, and through them to enterprise systems, applications and data, via a password. This method has never been recognised as being particularly secure. Users like to employ simple passwords, or ones that anyone with a little personal knowledge or some simple password generator software could crack quickly.

Most systems can now be set to block the use of simple passwords, but when this occurs users frequently complain about the complexity they have to use and often resort to writing the password down on a convenient sticky note placed under the keyboard.

There are a number of other ways that a second authentication factor can be brought into play. For example, one-time token generation devices are widely available and relatively straightforward to implement. Sending the user a one-time code to their cell phone via SMS is also on the increase. Clearly the base level of security needs to improve.
The resources to do so are now widely available and most are reasonably reliable. Many devices now come equipped with smart card slots or fingerprint scanners, either or both of which can significantly enhance the security of the device.

The important thing is that users understand why they have to put up with using a second factor to authenticate themselves. The education of users is probably the single most effective thing any organisation can do to improve the security of its IT systems across the board. Let users know what they can and cannot do, and take the time to explain why these rules and procedures are in place. Until such education is undertaken, many users simply do not regard IT security as anything serious about which they should be concerned.

The pressures on business to improve all aspects of IT security are now so intense and all-encompassing as to make the implementation of multi-factor authentication an imperative. Each company will have to assess exactly what it has deployed, who is using which system and how they can be better secured. Audit, evaluate risks, implement solutions, educate. Then monitor processes and record.

Beyond this, it is becoming clear to more advanced organisations that even the most resilient front door locks can only be part of the package needed to ensure better security. There are clear benefits to supplementing access controls and authentication with other monitoring tools and processes.

Activity monitoring

On the premise that nothing is totally secure, it is advisable that companies implement some form of post-log-in user activity analysis in order to detect when abnormal work patterns occur. Such deviations may indicate that a security breach is in progress.

It is also time to look at putting in place more sophisticated control mechanisms on the data itself, including restricting who can export data from central systems to spreadsheets and what attachments can be sent out of the company by email.
These steps require careful consideration given how dependent many business processes are on email and spreadsheets and the associated manipulation of data to provide operational insight and direction.

The time for doing nothing on passwords is coming rapidly to an end. Criminals know how to manipulate human trends to exploit weaknesses.

Tony Lock is Programme Director at Freeform Dynamics
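An added example, not part of the original article: one simple form of the post-log-in activity analysis described under "Activity monitoring". It baselines each user's working hours and data-export volume, then reports how a new event deviates. The event fields, sample history and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (user, hour_of_day, records_exported)
BASELINE = [
    ("alice", 9, 120), ("alice", 10, 150), ("alice", 14, 90),
    ("alice", 11, 130), ("alice", 16, 110), ("alice", 9, 140),
    ("bob", 8, 20), ("bob", 13, 35), ("bob", 17, 25),
    ("bob", 9, 30), ("bob", 15, 40), ("bob", 10, 30),
]

def build_profiles(events):
    """Per-user profile: hours seen, mean and std dev of export volume."""
    hours, volumes = defaultdict(set), defaultdict(list)
    for user, hour, exported in events:
        hours[user].add(hour)
        volumes[user].append(exported)
    return {
        u: {"hours": hours[u], "mean": mean(volumes[u]), "std": pstdev(volumes[u])}
        for u in volumes
    }

def score_event(profiles, user, hour, exported, z_limit=3.0, hour_slack=1):
    """Return the reasons this event deviates from the user's baseline."""
    p = profiles.get(user)
    if p is None:
        return ["no baseline for user"]
    reasons = []
    # Unusual time: no baseline activity within hour_slack hours (wraps midnight).
    near = any(min((hour - h) % 24, (h - hour) % 24) <= hour_slack for h in p["hours"])
    if not near:
        reasons.append("activity outside usual hours")
    # Unusual volume: more than z_limit standard deviations above the mean.
    # Floor std at 1 so a perfectly flat baseline does not flag tiny changes.
    z = (exported - p["mean"]) / max(p["std"], 1.0)
    if z > z_limit:
        reasons.append(f"export volume z-score {z:.1f}")
    return reasons

if __name__ == "__main__":
    profiles = build_profiles(BASELINE)
    # Constructed new events: a normal one and a 3 a.m. bulk export.
    for event in [("alice", 10, 135), ("alice", 3, 5000)]:
        print(event, score_event(profiles, *event) or "normal")
```

An alert from logic like this is a prompt for investigation rather than proof of a breach; legitimate changes in work pattern will also trip it.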