Biometrics, password managers strengthen identity defence: Verizon Business

Greater use of biometric security and integrated password managers will become essential as users face growing pressure from spear phishers and other identity thieves who are increasingly running “long game” identity scams, the ANZ VP of Verizon Business has warned.

Speaking during the recent National Identity Fraud Awareness Week and just days before the likely launch of Apple’s OS X 10.9 ‘Mavericks’ operating system, ANZ area vice president John Karabin said that better password and identity management technologies were becoming the de rigueur standard in enterprises and would rapidly trickle down to home consumers as awareness and usability improve.

“The use of PKI, smartcards and biometrics are all increasingly being used by our higher grade business and government type customers,” he said. “It’s an inevitable shift that we’re talking about, securing identity at both the government and consumer levels. We all grumble when we're forced to upgrade passwords, but it's enforced for a very good reason.”

The magnitude of the threat against weak access controls was highlighted in the company's Data Breach Investigations Report (DBIR), which noted over 150,000 victims of identity theft in the UK alone last year, with 75% of all fraud identity thefts being opportunistic in nature. The DBIR also found that 76% of data breaches exploited weak or stolen passwords and credentials.

"We're seeing a lot of the basic types of techniques that have been used for a long while to breach the servers or computers that people are using, and then to access that private data," Karabin said.

"People still don't set privacy security settings on their social media services; they don't use firewalls, update patches, or change passwords; and they use the same password for every single banking and online service they've got."

Apple's latest operating system, for example, will incorporate a feature called iCloud Keychain that integrates credit card and password management and encryption features into its Safari Web browser.

The situation is exacerbated by inadvertent breaches of personal information: credit-rating giant Experian, for example, was recently found to have sold bank account and credit card data – pertaining to millions of Americans – to an identity theft service that was selling the information online and was also found to have hacked into a range of bureaux storing other sensitive personal information.

This information is often packaged into identity 'kits' including extensive personal credentials, as was recently uncovered by researchers in Dell's SecureWorks security subsidiary.

Such activities reflect the increasingly sophisticated nature of identity theft, noted Rob Parker, senior security consultant with Verizon Asia Pacific. "It's a commodity in the hacker world to buy and sell malware, stolen credit cards and so on. Criminals keep inventing different ways to do this."

"But they are playing the long game more often," he continued. "They don't actually expose that your identity has been stolen, potentially, for months; they compromise a multitude of other services as they use the time to step up their theft."

The desire to strengthen the protection of such personal information was driving the obsolescence of magnetic-stripe cards, with two-factor authentication on mobile devices providing an important additional layer of identity verification for non-physical payments.

Apple, for example, recently introduced a fingerprint scanner in its popular iPhone 5s, and is expected to extend the technology to its iPad and possibly MacBook ranges at its launch tomorrow.

Samsung is also looking at the technology, with speculation running high about how it would acquire it. Swedish authorities were called in to investigate after shares in Swedish biometrics firm Fingerprint Cards jumped 50 per cent based on a press release that was subsequently proven false.

Such technologies "are appearing more common in their use," he said, "and we're starting to see that level be brought up to meet the threat".

Stories by David Braue
