– Kent R. Schneider, Executive Vice President and Chief Operating Officer of SolPass, says:
Those of us responsible for securing data had better get ready for a tough year. We can bet that the Sony breach signals a continuing pattern of data breaches.
Last year was a breakout year for breaches. The Identity Theft Resource Center (ITRC) tracked 744 breaches in 2014, and 81 million records exposed. It’s no mystery why “60 Minutes” called 2014 the “year of the data breach.” But this year, we might be in store for breaches to become full-on crisis status.
I observe cybersecurity trends from my viewpoint as a professional who’s spent his entire military and civilian career looking after security issues. Here are some trends – both negative and positive – I see coming this year:
- Additional severe breaches. It’s safe to say that the patches and fixes being employed are inadequate, at best. Data breach detection services are necessary, but hardly an effective cybersecurity strategy. We know that hackers are relentless and will find entry into systems that don’t have adequate controls.
- The EMV chip credit card rollout will be newsy, but not impactful. With great enthusiasm, the news media will be covering the replacement of traditional cards with the EMV chip-enabled cards already in use elsewhere around the world. There will, of course, be some benefits from this development, but the EMV rollout only treats a symptom, not the disease itself. EMV will not solve the basic problem of criminals exploiting insecure rights management and access controls.
- Distancing human error from the security loop. Most breaches happen because the wrong people get control of server access credentials and, in turn, have too much access to private data. It’s because most enterprises have ineffective rights management and access controls, which hackers can exploit. In 2015, I predict we’ll be seeing more efforts to lock human error out of the loop through:
- Biometric technology that will assure that an individual attempting to enter a system is actually that authorized person; and
- More sophisticated rights management to keep hackers from uncontrolled access once they’re inside servers.
- Beginning the phase-out of the password. We’ve to begin to phase out our over-reliance on usernames and passwords. Quite simply, these credentials are much too easily lost, stolen or sold. I’m a proponent of biometrically-enabled credentials for each user, and then building in added safety measures, such as encryption, to ensure the valid identity of the user. Security has become too important, and our systems too vulnerable, to be left to obsolete techniques such as the username/password combination. You’ll see progress in this arena in 2015.
In 2015, we’ll see movement toward new technologies designed to strengthen the cybersecurity system. We need more than the monitoring and “patch and pray” approaches we’ve seen recently. Rightfully, consumers and citizens are demanding security for their data. And industry must respond quickly and appropriately.
# # #
Kent R. Schneider is Executive Vice President and Chief Operating Officer of SolPass, a company working to develop the next generation of identity validation and assured access control in government and private computer systems. He is former international president and CEO of the Armed Forces Communications and Electronics Association (AFCEA) and a former Northrop Grumman executive. More at www.sol-pass.com.