20 July 2018
James Stickland

Biometrics and Banking

James Stickland - Veridium

10Posts 64,491Views 3Comments

Enterprise Cybersecurity Is Like Building Castle Walls, But Everyone Has A Key

07 April 2017  |  9192 views  |  1

Your company’s systems and network are like a medieval fortress. You’ve built your stone walls, lined them with archers and prepared your pikemen for the threat of an invading force, only to discover the enemy has already infiltrated and killed the king. Why spend all that time strengthening the fortress walls, then giving everyone a key to the castle?

Cybersecurity is one of the main topics on every CISO’s mind. There is an ever-present threat to a business’s digital security that generates an inability to get complete peace of mind with regard to data breaches and cyber attacks. No company wants to be the next victim.

Identity and access management is still built around the username and password architecture, however, a talented team of hackers with the right tools and a little patience will be able to crack even the strongest passwords.

Using such a system, a breach is inevitable, and many companies are missing some key pieces of the security puzzle. Information Security teams need to remember that not all threats are coming through their network from outside sources. For many companies, the biggest threat isn’t a hacker located in an Internet cafe halfway across the planet, it’s their own employees. Between inside jobs and simple mistakes, human beings are fallible, and thus still the biggest challenge that security teams have to tackle.

The only way to eliminate the human factor as a threat is to implement a solution that truly proves the identity of the person logging into the system. Usernames and passwords only authorize access, but biometrics authenticate the human being behind that access request, requiring proof that they are who they claim to be. For any enterprise, this is a critical step in putting real protections in place. Firewalls and other security tools will strengthen the castle walls and are a necessity, but we have to take away the keys to the gates that everyone has and post a guard that knows everyone by name, face, and fingerprint with continuous multifactor authentication using biometrics.

Rather than continuing to put our companies at risk, maybe it’s time to change the way we think about security. You should strengthen the walls of your fortress, but you also need to deploy guards that can actually protect access to the castle.

 

TagsSecurityInnovation

Comments: (2)

Mark Sitkowski
Mark Sitkowski - Design Simulation Systems Ltd - Melbourne 10 April, 2017, 04:19

I think the discussions about the security of biometrics is still continuing at the FBI, since someone stole their biometrics database a couple of years ago. Reverting to username/password for access to the accounts didn't mitigate the fact that border guards in less than friendly countries would always be able to identify the agents.

However, I take the point that The Enemy Within is as much a threat as the Barbarians At The Gates. The real answer, is to have a 2FA system, where the second factor is guaranteed to be unique and, yet, can be replaced if it's lost or stolen. Also, data-at-rest should be protected with an encryption key which is unknown to anyone but the authentication system. I would suggest that a Linkedin post entitled "The Choice of a Second Authentication Factor" will fill in the missing pieces.

Be the first to give this comment the thumbs up 0 thumb ups!
James Stickland
James Stickland - Veridium - London 13 April, 2017, 15:16

Hi Mark –

Thanks for your comment (and for the blog post suggestion – I may take you up on that). I agree -  it’s a great topic that needs to be addressed more thoroughly. I even think the next step is to go beyond 2FA into MFA. MFA can be expanded beyond the scope of 2FA to incorporate other authentications methods, like biometrics, to ensure you are who you say you are. It truly allows you to verify, beyond a doubt, that a user is who they claim to be – and to your point, avoid both “The Enemy Within” and “The Barbarian at the Gates and ensuring the authentication measure is relevant to the need, risk, location”

 James

 

Be the first to give this comment the thumbs up 0 thumb ups!
Comment on this story (membership required)

Latest posts from James

Treating Your Customers Like Criminals: A Zero-Trust Security Model

05 June 2018  |  3116 views  |  0 comments | recomends Recommends 0

Blockchain Is As Fallible, And Guilt-Free, As Any Other Technology

03 April 2018  |  7704 views  |  1 comments | recomends Recommends 0 TagsBlockchainInnovation

Biometrics Swiftly Becoming the Global Standard for Payments

12 February 2018  |  7524 views  |  2 comments | recomends Recommends 0 TagsMobile & onlinePayments

The Problem Biometric Authentication Solves for Financial Services

18 January 2018  |  6337 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineRisk & regulation

Biometrics for the Unbanked

08 December 2017  |  6325 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineFinancial inclusion

James's profile

job title CEO
location London
member since 2017
Summary profile See full profile »
As CEO of Veridium, James is tasked with driving business revenue and investment growth, as well as leading the company's global go-to-market strategy for its flagship solution, VeridiumID.

James's expertise

Member since 2017
6 posts3 comments
What James reads

Who's commenting on James's posts

Behzod Sabirov
Paul Love
Ketharaman Swaminathan