Be the first to like this
The majority of cyber attacks against organisations and peoples start with general data about their targets, or very specific data, about one individual who can be used as an access portal to everyone, and everything! Sadly, the majority of attacks appear to be founded on known and published, or simple/very weak passwords that here easy to guess or crack with modest tools.
“I think we can safely assume; ‘Joe Public’ has little knowledge of cyber-security and even less inclination to engage in good security practices. And so, we have a ubiquitous security risk at every level of society with no hope of curing the problem through education and training”
This is compounded by vast libraries of professional papers, web sites, and industry studies that proffer a somewhat confusing range of guidelines and advice largely invisible to, and unhelpful for, the lay population. Probably the ultimate long term solution, in the face of an enemy that is becoming more sophisticated, powerful, and determined by the day, is the full automation through built in biometrics based on face, hand, finger, voice, typing patterns et al. plus a PIN and simple password/’n' factor authentication.
For sure we need an industry based fix; and probably in the form of ‘security as a service’. In the meantime, this presentation addresses what it takes to create ‘fit-for-purpose’ passwords at a device level and on up through Cloud Working. The techniques and guidelines give an assured security spanning trivial documentation through to financial services and state secrets applicable for 2019/20/21. For 2021/22/23 it would be prudent to reassess the advance in attack technologies and techniques, and the change in the success statistics of the Dark Side. It is quite likely that passwords may need strengthening by the addition of additional characters in some cases.
Links to associated/related/earlier slide sets are also provided.