printer friendly version

Maybe it's time to panic

I spoke to someone dealing in identity authentication recently and he was telling me how some of South Africa’s business leaders are dead against the Protection of Personal Information (PoPI) Act. According to these leaders, and I’m not sure that’s how I would describe them, they don’t want to be forced to admit when their systems have been breached and customer data stolen. Apparently that would cause a panic.

I suppose they would prefer to see their poor call centre agents endure heaps of abuse from clients who suddenly discover their accounts have been cleared or their credit limits maxed out. Surely a concerted effort from business to deal with these breaches will deliver better results.

If PoPI is enforced these companies will have to make a plan because they can’t simply fire some lowly risk manager or IT manager anymore, after PoPI it’s the directors who will be held accountable for how they run their companies. I still say that as soon as business people move from a strategy of covering their posteriors to actively looking for solutions to these breaches we’ll have a host of solutions we can rely on. Biometrics is one of them.

In the latest 2013 Data Breach Investigations Report from Verizon, compiled in cooperation with organisations as diverse as the US Secret Service through to the Australian Federal Police (and a bunch of other organisations), it was found that 76% of network exploits were as a result of 'exploited weak or stolen credentials'. Moreover, 75% of these breaches were driven by 'financial motives'.

So a network breach isn’t just an inconvenience, the criminals are looking to make a profit. And for those many companies that think it’s a bonus to allow users to access the work network from home or from their mobiles because they can squeeze an hour or two of extra work out of them, but don’t have the security in place to protect their networks, the report says 71% targeted user devices.

Another fun fact from the report is that 66% of these breaches took 'months or more to discover'. If you like well written and researched horror stories, you can download the report at www.verizonenterprise.com/DBIR/2013/.

Another well written report you get absolutely free of charge is the Access and Identity Management Handbook 2014, which is being posted with this issue of Hi-Tech Security Solutions. We had tremendous support in putting this annual together and we hear it’s the best one we’ve ever done – but then I would say that. My thanks to everyone involved who survived the ordeal.

Please feel free to let me know your impressions, criticisms and suggestions about this issue of Hi-Tech Security Solutions as well as the handbook. Your opinions always help when planning future editions. Mail me at [email protected]

Andrew Seldon

Editor

Share this article:

Further reading: