FEATURE

MOREY HABER, CTO AND CISO, BEYONDTRUST

In the cyber world, we’re exposed to an onslaught of recommendations and top lists for improving IT security. They may have some universal characteristics, but are frequently not relevant for adoption by everyone, everywhere and at every time. In fact, can you guess what the number one, universal and best security recommendation is for everyone to embrace? Here’s a hint: it is related to passwords.

To further set the stage for this recommendation, let’s consider all the infosec recommendations we experience on a daily basis. These include everything from security skills and cyber-awareness training to patch management. They target problems from phishing to vulnerability management, but are not necessarily relevant to every employee within an organisation, nor are they necessarily relevant to each person on their personal devices at home.

While it is common knowledge to avoid email spam, and employees are often trained on how to identify suspicious emails and advised not to click on suspicious links, it is interesting that younger generations are far less likely to embrace email outside of the corporate enterprise. Instant messaging and other forms of social media are their tools of choice, which suggests that traditional email may slowly fade away like postal correspondence or the fax machine. The demise of email may take a few more decades to transpire, but this downshift is well underway. All of this helps further refine the single best recommendation. Remember, we need to consider a universal security recommendation that translates to everyone.

Fixing an age-old security issue

Regardless of persona at home or at work, the one thing everyone uses is passwords. We use passwords for work, for resources on the Internet, for social media and for our applications. We use them in the form of passcodes and PINs for banking, mobile devices and for office and home alarm systems. Passwords are ubiquitous and we use them constantly — even on newer systems that ironically claim to be ‘password-less’. In these instances, a mechanism under the hood is still identifying your access rights and storing that ‘somehow’.

The most common storage of any password is within a single human brain. We assign a password to a system or application, recall it when it needs to be used and hopefully remember it each time we change it. Our brains are full of passwords and often we forget them, reuse them, need to share them and are forced to document them on post-it notes, spreadsheets and even communicate them via email or SMS text messages (a very poor security practice).

These insecure methods for creating, sharing and reusing passwords are responsible for the types of data breaches that routinely make the front-page news, serving as cautionary tales

www.intelligentciso.com | Issue 23