The security breaches of 2011

2011 presented some fascinating security breaches that could have been prevented. Here are my top three trends, and how to avoid them in 2012!

Online identity and social media sites

The successful launch of Google+, and its privacy feature which allows users to group certain contacts into different “circles”, highlighted not only that there was space for yet another social media outlet, but also that privacy was at the forefront of the debate around social media. The rise of social media has encouraged a culture of sharing, and many people let their guard down on social sites by responding to messages and “friend requests” from people they don’t know. It’s no secret that fraudsters use these details to guess bank account passwords, for example, but what is less known is that we can prevent the criminals from taking advantage of those details by adopting a layered, multi-factor authentication approach up to and including voice biometrics (if appropriate) to verify high-risk transactions.

Hacking

The two dominant game consoles, Sony Playstation and Microsoft Xbox, were both the victims of the hackers in 2011 – proof that fraudsters have not failed in finding new ways to obtain gamers’ bank details. Fraudsters are also becoming increasingly sophisticated at hacking, as the RSA token incident illustrated in March, resulting in a mass replacement of RSA’s SecureID tokens. Another example of sophisticated hacking, was the infiltration of the certificate authority model, when a hacker gained access to four high-profile certificate authorities and issued false certificates in their name. Security technology that protects personal data from hackers will advance, but so will hackers’ ability to obtain those details. As I’ve argued before in these blogs, we need to concentrate on preventing the hackers from taking advantage of other people’s data by adopting strong authentication procedures.

The M words

M is for mobile banking, mobile commerce, mobile payments and mobile malware. 2011 saw smartphone ownership almost double in the UK, according to Ofcom. Smartphone technology has made concepts such as mobile payments a reality, but banks need to step up in securing transactions from fraudulent data use, for example the recent malware attack on Android apps, and man-in-the-mobile situations. A recent FS Tech Security Sentiment Survey revealed that 71% of chief information security officers surveyed believed that the UK was not yet ready for the mobile wallet, citing a lack of security as the major hindrance. Technology for securing mobile transactions, be it m-banking or m-payments, already exists and will only get better, but voice biometrics has an important role to play here, especially for high risk transactions. It certainly beats having to key into your phone a random password generated by your security token whilst walking down the street!