Authentication Adaptability: Survival is Key
Filed under: Authentication Trends, General Information, PortalGuard, Uncategorized, compliance
“It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.” – Charles Darwin
As Charles Darwin has put it so eloquently, facing change by adapting to it is how you survive. This can easily be translated over to authentication and the principles behind strengthening authentication to adapt to changing circumstances.
The idea is that change is inevitable and businesses will be weeded out by their ability to adapt. With authentication and security this is an ongoing challenge facing businesses in the form of regulatory compliance, authentication trends and ever increasing attacks.
Although this is primarily experienced across most industries it is an ever pressing issue on the financial, insurance and healthcare industries. These industries are heavily regulated and thus subject to constant compliance requirements. Also they are huge carriers of personal information and data making them huge targets for evolving attacks and identity theft.
Some of the more prevalent attacks include:
- Phishing
- Malware
- Keystroke Loggers
- Session Mismanagement
- Fraudulent Droid apps
- Chat-in-the-Middle
- Spoofing
- Vishing
- Smishing
- And many more…
An adaptation example, in the financial industry, has been the popularity and increasing use of online banking. Although it is extremely convenient for the end-users, the question is how will the financial industry adapt their authentication to protect users’ extremely sensitive data out on the internet?
In order to adapt financial institutions follow the FFIEC guidelines, implement multi-factor authentication and stronger authentication such as one-time passwords. The financial industry is required to have a high level of data protection and therefore is leading the way in authentication and security. By reviewing vulnerable industries it is a great way to understand where to set the bar for your required level of data protection.
The Trojan Horse: Sneaking Past Your City Walls
Filed under: Authentication Trends, Data Security, General Information
For centuries the Trojan horse was a weapon of war; a historical piece of trickery and deceit, which was used to bring down the City of Troy. Now in this century, when searching the term Trojan horse, the first result to appear is about the technology verison of the Trojan horse. As many of us know malware stands for malicious software. The vehicle in which it obtains its unwanted access is the Trojan horse programs. These carriers are great at disguise, trickery, and breaking down the walls of your personal identity and even financial status.
Recently a new Trojan horse program has appeared, and has many concerned. Trojan Horses, as many of us know, are invasive, but this new one goes beyond that, targeting specifically financial institutions and Internet Explorer users. The new name to fear: W32.Silon. With the target of financial institutions, Silon can intercept Internet Explorer sessions, and steal credentials. Many say this attack has two heads, the generic Trojan horse approach into all applications, and then the financial focus.
When it comes to logging onto your bank account online, that is when to watch out. The Silon Trojan will intercept between the token protected financial sites and the user, putting up a façade that looks like their normal login screen. This allows them to transmit your credentials to hackers, to be able to obtain your financial data, and reap the rewards. The main thing that is clear about this attacker is that it is following and changing wih the authentication trends. With more advanced authentication techniques, attacks are becoming more and more sophisticated. The Silon is a prime example, as it attacks the two prong stronger authentication methods with ease. Bank accounts beware!
For more information check out these links:
http://en.wikipedia.org/wiki/Malware