Use Russian hackers to demand better security

The hijack of 1.2 billion passwords got the world's attention this week. CIOs struggling to enforce security should take advantage of it, says one expert. Also in Searchlight: Walgreens CFO is replaced and its CIO takes on two IT shops.

1.2 billion: That is the staggering number of username and password combinations a gang of Russian hackers amassed from some 420,000 websites, according to a report this week from Milwaukee firm Hold Security. News of the breach broke in the midst of this week's Black Hat security conference, where no doubt it is taking up a lot of airtime. But what does the billion-plus headline mean for CIOs?

Well, size tends to get people's attention. "If that number is accurate, it could be anywhere from one-sixth to one-third of the entire Internet's population of users," said Ronald Breaux, head of the Privacy and Data Security Group at Haynes and Boone, an international law firm. He suggests CIOs strike while the outrage is high and hold their bosses and employees to a higher security standard. Now is the time to push for better technology and insist on security compliance.

Step No. 1? Upgrade your company's website authentication systems.

"CIOs need to start thinking about whether a static, two-factor authentication system is sufficient," Breaux said. He's urging companies with very sensitive, accessible data to move to three-factor authentication, with one of the factors being dynamic. This is the model many online banks and merchants already use: if you log in from an unrecognized computer, the site asks which of your registered contact points to use (cell phone number or email address), then texts or emails you a one-time code that you enter on the login screen in addition to your username and password. The number or address must be one the account holder registered earlier; a login screen that accepted a new one at sign-in time would simply let an attacker send the code to themselves.
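The unrecognized-device flow described above can be implemented as follows. This is an added example written for this page, not code from the article, from Breaux, or from any vendor; the class and function names, the six-digit code, the five-minute expiry and the five-attempt cap are assumptions, and the in-memory dictionaries and the code returned from `issue_code()` stand in for a database and an SMS or email gateway.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6           # assumed code length
CODE_TTL_SECONDS = 300    # assumed lifetime: five minutes
MAX_ATTEMPTS = 5          # assumed cap on wrong guesses per challenge


class ManualClock:
    """Test-only clock so expiry can be exercised without sleeping."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class StepUpAuth:
    """Step-up verification for logins from a device the site has not seen before.

    Hypothetical in-memory implementation: a real deployment would persist
    trusted devices and pending challenges in a database and deliver the
    code over SMS or email to a contact point already on file.
    """

    def __init__(self, clock=time.time):
        self.clock = clock
        self.key = secrets.token_bytes(32)   # server-side secret for the challenge MAC
        self.known_devices = {}              # username -> set of trusted device ids
        self.challenges = {}                 # username -> pending challenge

    def _mac(self, username, device_id, code):
        # Bind the code to the account and device so it cannot be replayed elsewhere.
        # A keyed MAC (not a plain hash) means a leaked challenge table does not let an
        # attacker brute-force the million possible six-digit codes offline.
        msg = f"{username}|{device_id}|{code}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def needs_step_up(self, username, device_id):
        return device_id not in self.known_devices.get(username, set())

    def issue_code(self, username, device_id):
        """Create a fresh one-time code and return it for out-of-band delivery."""
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self.challenges[username] = {
            "mac": self._mac(username, device_id, code),
            "expires": self.clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code   # in a real system: send by SMS/email, never return it to the client

    def verify_code(self, username, device_id, submitted):
        """Return True and trust the device if the code is valid; False otherwise."""
        chal = self.challenges.get(username)
        if chal is None:
            return False
        if self.clock() > chal["expires"] or chal["attempts"] >= MAX_ATTEMPTS:
            del self.challenges[username]    # expired or locked: user must request a new code
            return False
        chal["attempts"] += 1
        # Constant-time comparison; a plain == on the MAC would leak timing information.
        if hmac.compare_digest(chal["mac"], self._mac(username, device_id, submitted)):
            del self.challenges[username]    # single use
            self.known_devices.setdefault(username, set()).add(device_id)
            return True
        return False


def run_demo():
    """Walk through the flow with a controllable clock; returns the observations."""
    clock = ManualClock(start=1_000.0)
    auth = StepUpAuth(clock=clock)
    user, device = "alice", "laptop-1"                   # constructed sample account
    results = {"challenged": auth.needs_step_up(user, device)}
    code = auth.issue_code(user, device)
    wrong = str((int(code) + 1) % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)
    results["wrong_code_rejected"] = not auth.verify_code(user, device, wrong)
    results["other_device_rejected"] = not auth.verify_code(user, "unknown-box", code)
    results["correct_code_accepted"] = auth.verify_code(user, device, code)
    results["trusted_after_success"] = not auth.needs_step_up(user, device)
    results["replay_rejected"] = not auth.verify_code(user, device, code)
    late = auth.issue_code("bob", "phone-9")
    clock.advance(CODE_TTL_SECONDS + 1)
    results["expired_code_rejected"] = not auth.verify_code("bob", "phone-9", late)
    return results


if __name__ == "__main__":
    for check, passed in run_demo().items():
        print(f"{check}: {passed}")
```

The code is the dynamic factor; the password stays static, which is why the challenge is single-use, expires, is bound to the device that requested it, and locks after a handful of guesses. Note that a code delivered by SMS or email is only as strong as the phone account or mailbox it lands in, so the contact point must be one the user registered before the suspicious login, not one supplied during it.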


If your organization is sticking with two-factor authentication, he said, IT must "insist on complex passwords that need to be changed frequently." No one is more vulnerable to a breach than a user who reuses the same username and password combination across multiple accounts, Breaux warned -- hackers only have to get hold of it once. If users are hard-pressed to come up with adequately strong passwords, there are plenty of password managers and Web browsers that will generate random ones for them, he suggested.

Insisting on these security upgrades is crucial for keeping the organization relatively protected. Even in sophisticated organizations that have made the shift to a proactive security stance, "it's a constant game of patch-and-protect and staying ahead -- cat and mouse," said Breaux.

CIOs know all this, Breaux said, but many of his clients aren't taking a lot of these proactive steps because "it isn't industry-standard yet," he explained. But people -- including board executives, management, employees -- are realizing their status quo security practices don't cut it.

"The average person knows a lot more about data security than they did a year ago. I think [the conversation] is evolving rapidly," he said. "CIOs probably have as much ability to spend dollars on information security issues as they ever have before."

CIO news roundup for week of August 4

In other news on this 220th day of the year:

  • In the wake of Walgreens' $15 billion merger with Swiss-based Alliance Boots, CFO Wade Miquelon is being replaced and CIO Timothy Theriault (Miquelon's right-hand guy, according to a SearchCIO interview done earlier this year) will head up two IT shops, Walgreens and Boots -- all this amid company plans to cut $1 billion in operating costs. It will be instructive to see how IT helps make this happen.
  • It seems the airline industry isn't immune to cyberattacks, either. A cybersecurity researcher says he has found a way to hack into passenger jets through vulnerabilities in their Wi-Fi and in-flight entertainment systems.
  • Google's purchase of smart messaging app Emu could kick your chats up a notch: With contextual intelligence, it offers useful suggestions mid-conversation based on your personal data. Helpful, or the next level of creepy?
  • Thanks to an "accidental" discovery by a 25-year-old astrobiologist, we might soon be able to charge our portable devices wirelessly, using ultrasonic waves.
  • Monkey see, monkey take a selfie -- and own the image's copyright? Wikimedia says yes, to a U.K. photographer's dismay.

Check out our previous Searchlight roundups: Are CIOs standing in the way of a proactive security strategy? and Enterprise mobile now moves at Uber pace on SearchCIO.
