Identity control is IT reality
The identity gap between recognition and response must be closed - and fingerprint recognition narrows this gap.
“It's a chasm at the moment,” said Mark Eardley, channel manager at SuperVision Biometric Systems, speaking at ITWeb's 7th annual Security Summit yesterday.
Corporate cyber crime is evolving and the top threat action is identity exploits.Mark Eardley, channel manager at SuperVision Biometric Systems
He explained that corporate cyber crime is evolving and the top threat action is identity exploits.
“Crime moves with the times and so does cyber crime. Organised villains have gone cyber. Eighty percent of cyber crime is organised crime.”
He added that this is a low-risk bonanza for established villains, and the Serious Organised Crime Agency, in the UK, equates IT crimes with drugs, human trafficking, arms crime, fraud and money laundering.
The agency recently seized 36 criminal Web sites and has to tackle the issue of stolen credit cards and online banking data.
There has been a shift in focus to corporate secrets since the market for card details is saturated, according to Eardley.
He added that secrets are more valuable and attractive, and so there has been a rise in sophisticated, targeted attacks. Symantec used to see more than 100 attacks a year in 2005, but this is now almost 30 000 a year.
The knowledge base has corporate value, and when this is compromised, it puts competitive advantage under threat. The type of information that can be accessed that will threaten this advantage is R&D findings, production processes, formulae, source code, geo-surveys, legal activities, partnerships, contract bids, financing arrangements, deal negotiations, product rollouts, market research, marketing and sales initiatives, pricing structures, financial forecasts and results, and strategic plans, said Eardley.
He also said cyber villains can be anyone from foreign intelligence services and organised crime networks to disreputable, but legit organisations, opportunistic cyber criminals and insiders.
“A very inconvenient truth is that identity exploitation rules supreme. It is the leading cause of security failures. Unauthorised activity is out of control,” said the channel manager.
He cites several examples of proof of this. Earlier this year, R42 million was stolen from the Postbank, after insiders' passwords were exploited to transfer funds.
FNB saw the theft of R27.3 million, when a convicted insider used a key logger to steal colleagues' PINs and passwords. Blue IQ had R450 000 stolen, and auditors found that the CEO's password was used to make fraudulent electronic transfers.
Some R2.84 million was stolen from the Department of Water Affairs, when an IT contractor engaged in password-based fraud, which targeted a total of R12 million.
Eardley said the identity gap between recognition and response must, therefore, be closed.
“SA is a world leader in the use of biometrics. The future must be co-operation and not isolation. There must be an integration of security expertise. Identity control is an IT reality.”
He added that the use of fingerprints allows physical access, cuts losses, reduces risk, has proven ROI, increases security and accelerates processes.
To address the enormous risks associated with cards, PINs and passwords, organisations must authenticate, authorise and audit.