‘I will eliminate passwords’ in 2017

Security pros share New Year’s resolutions


Sticking with your promises

Like anyone else, security experts set resolutions they hope to conquer in the new year. The question remains: will they be able to follow through on them or, like that diet people promised to hold to, will they go back to the same old habits?

New Year's resolutions

Close the gap between security and the data

Chanel Chambers, director of product marketing, Citrix: 

Cloud and mobile adoption is making it difficult for traditional security solutions to address data security. To secure the data, we need to bring security closer to the data. This can be accomplished by employing Information Rights Management (IRM) by packaging security with the data. In addition, organizations moving their data and workloads to the cloud will find it difficult to apply the same security model with their on-premises solutions. Organizations should be looking to invest in cloud solutions that have security built in and invest in cloud-aware security solutions.


Detect unknown attacks earlier, before they cause damage

Matt Rodgers, Head of Security Strategy, E8 Security:

If we wait until the damage starts to begin our investigation and response procedures, it’s already too late. We can catch the unknowns earlier if we stop looking for the threat itself, and start looking at abnormal behaviors of our internal resources – these are typically early warning signs that there’s some kind of threat to the business. Keying in on these behavioral signs can help us catch and eliminate threats inside the network before anything bad happens.


Get more value out of our existing security technology

By using all the log data that our endpoint, network, and user access technologies yield within a behavioral analytics platform, we’re able to increase the value of those technologies. They’re helping us defend our company’s assets in ways the vendors never expected, such as detecting suspicious behaviors and interesting patterns, both currently and in the past, and showing us a seamless view of our organization’s digital activity.


Develop a plan for integrating IoT into security policies, and develop a strategy for managing the impact of all those devices

Geoff Webb, VP of Strategy, Micro Focus: 

IoT devices are going to quickly dominate the cybersecurity conversation. With their capacity to form ad-hoc networks, gather information, and potentially be subverted by attackers for a variety of purposes, smart devices will be the front line of risk and vulnerability during 2017. CISOs shouldn’t adopt a “sky is falling” attitude, but they should be very clear in thinking through how they will assess the risk to their business from IoT fixtures, sensors, and wearables, and how they will communicate that risk to their stakeholders so that the right decisions can be taken early. While a lot of the security basics will still apply, some new approaches will also be needed, and employee education is going to be central to heading off any risks to data and systems early.


Resolve to eliminate usernames and passwords

Scott Simkin, senior threat intelligence manager, Palo Alto Networks:

With the rise of software-as-a-service (SaaS) applications, users have been trained to input their credentials into cloud-based authentication sites to access critical services, offering a golden opportunity to spoof these systems and trick users via a phishing email to hand over their valid credentials. Despite years of warnings, people continue to use the same username and password for multiple accounts. It’s time to dump those usernames and passwords. In 2017, the industry must resolve to bid farewell to using usernames and passwords and adopt ID verification methods like multi-factor authentication and biometrics. Leading device OEMs, service providers and financial institutions have already started using them; the rest of us need to get on board, too.


Gain password weight

Ruchika Mishra, senior product marketing manager, WhiteHat Security:

The #1 New Year’s resolution year after year is “lose weight”. When it comes to your health, that is great, but not so much for your cybersecurity health. We are all guilty of using passwords that are easy to remember and when forced to use numbers, we add 123 or some such equally simple variation to it. In the event of a brute-force attack, where the attackers systematically check all possible combinations of words and numbers to guess the password, the shorter and simpler your password is, the easier it is to guess. This year, I am resolving to gain password weight by making them longer, meatier, and more complex to make them exponentially harder for brute-force algorithms to crack.


Have a “serious” browser and a “fun” browser. Keep them separate

Zach Jones, senior manager, Threat Research Center, WhiteHat Security:

Many attacks on users, including actual “hacks” and social engineering attacks, rely on the victim being already logged into some valuable website, your bank for example. Social media and online advertising are great platforms for malicious actors to spread these attacks; however, if you’ve never accessed anything worthwhile in the browser that is being attacked, the exploit will fail. Install at least two modern browsers on your system. A “serious” browser should be set to automatically delete cookies, cache and other stored data every time it is opened or closed. It is also helpful to install some privacy plugins like ad, script, and active content (Java Applets/Flash) blockers. Only do “serious business”, things like accessing sensitive work websites and banking, in this browser; log out of the site, and then close the browser immediately. Have a second browser, with all the nice conveniences, for your fun online activities.


Copyright © 2017 IDG Communications, Inc.