
Enterprise Cybersecurity Is Like Building Castle Walls, But Everyone Has A Key

Your company’s systems and network are like a medieval fortress. You’ve built your stone walls, lined them with archers and prepared your pikemen for the threat of an invading force, only to discover the enemy has already infiltrated and killed the king. Why spend all that time strengthening the fortress walls, then give everyone a key to the castle?

Cybersecurity is one of the main topics on every CISO’s mind. The ever-present threat to a business’s digital security makes complete peace of mind about data breaches and cyber attacks impossible. No company wants to be the next victim.

Identity and access management is still built around the username and password architecture. However, a talented team of hackers with the right tools and a little patience will be able to crack even the strongest passwords.

With such a system, a breach is inevitable, and many companies are missing some key pieces of the security puzzle. Information security teams need to remember that not all threats come through their network from outside sources. For many companies, the biggest threat isn’t a hacker located in an Internet cafe halfway across the planet; it’s their own employees. Between inside jobs and simple mistakes, human beings are fallible, and thus still the biggest challenge that security teams have to tackle.

The only way to eliminate the human factor as a threat is to implement a solution that truly proves the identity of the person logging into the system. Usernames and passwords only authorize access, but biometrics authenticate the human being behind that access request, requiring proof that they are who they claim to be. For any enterprise, this is a critical step in putting real protections in place. Firewalls and other security tools will strengthen the castle walls and are a necessity, but we also have to take away the keys to the gates that everyone has and post a guard who knows everyone by name, face, and fingerprint, with continuous multifactor authentication using biometrics.

Rather than continuing to put our companies at risk, maybe it’s time to change the way we think about security. You should strengthen the walls of your fortress, but you also need to deploy guards that can actually protect access to the castle.



Comments: (2)

Mark Sitkowski - Design Simulation Systems Ltd - Melbourne, 10 April, 2017, 04:19

I think the discussions about the security of biometrics are still continuing at the FBI, since someone stole their biometrics database a couple of years ago. Reverting to username/password for access to the accounts didn't mitigate the fact that border guards in less than friendly countries would always be able to identify the agents.

However, I take the point that The Enemy Within is as much a threat as the Barbarians At The Gates. The real answer is to have a 2FA system, where the second factor is guaranteed to be unique and, yet, can be replaced if it's lost or stolen. Also, data-at-rest should be protected with an encryption key which is unknown to anyone but the authentication system. I would suggest that a LinkedIn post entitled "The Choice of a Second Authentication Factor" will fill in the missing pieces.

A Finextra member, 13 April, 2017, 15:16

Hi Mark –

Thanks for your comment (and for the blog post suggestion – I may take you up on that). I agree - it’s a great topic that needs to be addressed more thoroughly. I even think the next step is to go beyond 2FA into MFA. MFA can be expanded beyond the scope of 2FA to incorporate other authentication methods, like biometrics, to ensure you are who you say you are. It truly allows you to verify, beyond a doubt, that a user is who they claim to be – and to your point, avoid both “The Enemy Within” and “The Barbarian at the Gates” and ensuring the authentication measure is relevant to the need, risk, location.