I saw a great but scary presentation this week from Kamran Meer, Chief IT Security Officer at Bank Alfalah, the sixth largest bank in Pakistan.
Kamran began by asking the audience if they knew about the Stuxnet attack.
Amazingly, 70% of the audience hadn’t heard of it although maybe it’s not so amazing as this was part of a Middle Eastern conference and the Iran-Israel and MiddleEast-USA frictions are not reported as widely here as they are in the West (or so I was told afterwards).
So, the Stuxnet video made the point that we live in a world where cyberattacks are becoming more and more targeted:
Stuxnet: Anatomy of a Computer Virus by Patrick Clair
That was frightening enough, but that was way back in June 2010.
Since then, malware underworld hacker types have morphed Stuxnet into far scarier attacks.
These start with Government organised attacks such as the Chinese on America with Night Dragon in 2011, and develop into private threats that are very real, such as the Indian attacks on corporate systems around the world in 2013.
The latest is the Heartbleed flaw in the Secure Socket Layer (SSL) that means you think you’re dealing with a bona fide website that is secure and you’re not.
You see the little padlock on the bottom of the screen to make a secure payment, but it’s not secure.
And then you get the advice that YOU MUST CHANGE YOUR PASSWORDS, only to find that you must not change your password until the website has deal with the Open SSL issue.
As my friend asked last night: how do you know whether they’ve been affected and fixed it or not?
Luckily most online companies are making it clear what their position is. For example, from the Daily Wail:
This follows other leaks, such as all Adobe passwords being released online after an attack, along with my story about Aaron Barr that I use regularly in all my presentations.
It just goes to show that the age of the password is over.
What’s next?
Biometrics?
Yes.
Mobile authentication?
Yes.
Something else?
Yes.
Whatever happens, passwords are dead.
Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...
