Here’s a fact: the bad guys know who you are and they know how to open the doors to even your most sensitive secrets.
The widespread use of social media means that virtually everyone has some public presence online. If you use Facebook, LinkedIn, Twitter, Instagram, Pintrest or any of the other hundreds of social media outlets then this means you!
The problem is that everything about your online identity is protected by something you know. A username, a password, an email address, the name of your first girlfriend or boyfriend – you get the idea. And if you know something, so can the criminals with enough perseverance and a little trickery. In seconds, your bank accounts, personal e-mail, Facebook, and more all laid bare while you remain blissfully unaware.
Here’s another sobering truth: According to a recent report, cybercrime cost the global economy more than $400B in 2014. If you find that figure astonishing, the report by security software-maker McAfee and the Washington think tank Center for Strategic and International Studies calls it a “conservative” estimate. The upper end of the range is $575 billion. Losses connected to personal information, such as stolen credit card data, was put at up to $150 billion.
The numbers show a harsh reality as cyber crime incidents have increased nearly 7 fold since 2006 and show no signs of abating. Nearly two-thirds of all U.S. firms have reported that they have been a victim of a cyber attack.
The recent high-profile cyber attack on Sony Pictures illustrates just how poorly prepared even large corporations are to adequately protect their most valued secrets. Included in Sony’s stolen data were information on unreleased films, executives’ salaries, private e-mails, and even passwords. Passwords?! Surely, only morons would keep sensitive passwords in a document stored on their network? If you’re a business owner of a company with more than a handful of employees and think that scenario is unique to Sony, go take long look in the mirror.
The security of data stored on your network is only as strong as it’s weakest link and for most firms that is the user’s username and password. Let’s face it; the endless list of usernames and passwords we all need to remember has simply become a pain. It’s one of the reasons people resort to writing them down, sticking them on a post-it note under their keyboard, or adding them to an electronic note pad.
The more tech savvy folks out there might make use of one of the many excellent password managers on the market, including myself. A good password manager makes safely insert sarcasm storing and remembering passwords a breeze. Let’s think about this for a moment. All your most sensitive information protected by a single “master password” and probably stored in some nameless cloud so you can keep all your devices synced. What happens if your master password is compromised? How do you know if your data is safe in someone else’s cloud? Are password manager services that aggregate passwords for thousands of customers, in fact, making themselves a bigger target for criminals? Suddenly things don’t sound so safe and secure.
The issue is that our current model of protecting sensitive information is fundamentally flawed. A username and a password – what you know – is a critically weak link in the chain.
Finis Conner, the co-founder of Seagate and found of Conner Peripherals, distills user authentication down to three fundamental pieces of information:
-
What you know? Usernames, passwords, pin codes, etc.
-
What you have? Hardware or software token generators such as RSA, Google Authenticator, etc.
-
And who you are? Biometrics.
Technology has progressed to the point where it’s now practical to eliminate the use of usernames, passwords and pin codes or, at the very least, minimize their use. We can finally move away from “what you know” as the key to opening the door.
Biometrics are increasingly being integrated into mobile phones, including finger print scanners and the ability to support facial, voice, signature, and other types of biometrics. What’s needed is a safe and secure solution for storing your sensitive information that keeps it firmly in you control. Smart cards offer the perfect platform to integrate the needed storage, processor, hardware-based encryption, wireless communication, and operating system to securely store sensitive data. Essentially, a smart card that is a fully functioning computer but fits into a form factor the size of a typical credit card.
BluStor, a technology startup founded by Finis Conner, has recently introduced just such a product as part of a Indiegogo crowd funding campaign. CyberGate is an open platform, being developed as an adaptable solution that meets both immediate needs and will evolve well into the future.
Check out the BluStor CyberGate crowdfunding campaign on Indieogo where you can pre-order your own biometrically secured smart card.
In terms of the integration of so many capabilities into a single smart card and being marketed as an open platform, it’s a first for the industry that I believe holds tremendous promise.