WHAT HAPPENS AFTER A CYBER ATTACK
by Graham Welch, Director Cisco Security Sales for Global Enterprise Theatre
Looking beyond passwords for security is a crucial step in preventing further cyber attacks. Weak passwords such as “123456” are still incredibly popular, and it doesn’t take very sophisticated resources to steal data by exploiting password vulnerability. Surprisingly, some major websites that store credit card data and other sensitive information still accept weak passwords; one potential reason for this is that they need to find a balance between security and usability. As we have all experienced, overcomplicated passwords tend to be easily forgotten.
To balance usability and security and avoid unnecessary security steps, many companies are adopting two-factor authentication or context-based security, where multiple factors and behaviours are considered to determine a person’s identity, rather than relying solely on their password. When a user attempts to access their account, the company looks beyond their password at other available information such as geographical location, time and device used, and compares it to their previous pattern. If one or more of these deviates from the usual behaviour, then extra security checks are prompted, such as sending a text with a PIN code to a registered mobile phone. However, if both the password and the other patterns match, it is business as usual and the user is let into their account.
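The decision flow described above can be sketched as follows. This is an added example, not code from the article or from any Cisco product; the `Login` record, the function names, the two-hour time tolerance and the choice to step up when no history exists are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    country: str      # geographical location, coarse-grained
    device_id: str    # device used
    hour: int         # local hour of day, 0-23

def hour_gap(a: int, b: int) -> int:
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def deviations(attempt: Login, history: list[Login], hour_slack: int = 2) -> list[str]:
    """Name each signal that does not match the user's previous pattern."""
    if not history:
        # Assumption: with no pattern to compare against, every signal is unfamiliar.
        return ["location", "device", "time"]
    out = []
    if attempt.country not in {h.country for h in history}:
        out.append("location")
    if attempt.device_id not in {h.device_id for h in history}:
        out.append("device")
    # Assumption: "usual time" means within hour_slack hours of any earlier login.
    if all(hour_gap(attempt.hour, h.hour) > hour_slack for h in history):
        out.append("time")
    return out

def decide(password_ok: bool, attempt: Login, history: list[Login]) -> tuple[str, list[str]]:
    """Return ("deny" | "step_up" | "allow", deviating signals)."""
    if not password_ok:
        return "deny", []  # matching context never substitutes for the password
    changed = deviations(attempt, history)
    # One or more deviations prompts the extra check (e.g. a PIN code by text).
    return ("step_up" if changed else "allow"), changed

# Constructed sample history for one user (not real data).
HISTORY = [Login("GB", "laptop-01", 9), Login("GB", "phone-01", 22),
           Login("GB", "laptop-01", 23)]

if __name__ == "__main__":
    for attempt in (Login("GB", "laptop-01", 0), Login("FR", "laptop-01", 10),
                    Login("GB", "tablet-07", 3)):
        print(attempt, decide(True, attempt, HISTORY))
```

Returning the list of deviating signals alongside the decision gives the service something to log, so that repeated step-up prompts for one account can be reviewed later.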