Friday, August 31, 2012

Cyber Safety Month: The Un-Crackable Password



How easy is it to hack into a bank’s digital assets? It should be pretty difficult, right? Compared to a federal bank, how secure is your company? Depending on who you have on staff, the answers might be surprising.

Hackers and data miners are the bank robbers of the new millennium. Ever since the dawn of the internet revolution, the world’s corporations have been at risk of losing money to these new cyber criminals. It’s an issue that is covered with some regularity by the healthcare industry, but 2012 has seen an increase in interest from the nation’s financial firms. IT experts, CSOs, and company owners are all asking the same question: What is keeping our investment safe, and how much danger are we really in?

9 times out of 10, the fate of your company’s financial data lies in the hands of a single word.

The simple password has been a staple of digital security from the very beginning, but the methods for creating the best security have changed drastically over the years. Remember when we were all advised to throw in the occasional capital letter, exclamation point, or string of numbers?

Security companies and IT people constantly tell us that we should use complex and difficult passwords. This is bad advice, because you can actually make usable, easy-to-remember and highly secure passwords. In fact, usable passwords are often far better than complex ones.

Wait, what?

As it turns out, the techniques that the best hackers use to break into your company’s finances are designed to tackle random strings of letters and numbers. Chances are, if you randomly typed six letters and numbers on your keyboard as a password, a hacker could infiltrate your company within 1 month of trying. 

From Baekdal
Instead, security experts are suggesting combinations of random words. By putting three words together, like LightbulbChairWindow, you create a password which is effectively un-crackable. Unfortunately, a smart hacker can just as easily get into your company’s vault by simply asking the right person.

So what is the solution? A group of scientists and security experts got together at this year’s USENIX Security Symposium to present a password so secure, even the users don’t know what it is.

The method is based on something called “implicit learning,” the fact that human beings can learn things without being conscious of it. Think of riding a bike: you can do it effortlessly, but you’d be hard-pressed to explain how. Stroke victims or Alzheimer’s sufferers can learn things implicitly even when their explicit memory is severely damaged.

The new method involves training company users to execute a specific string of characters by typing them out on a keyboard. After numerous repetitions, they become faster at typing that string, but there are too many characters in it for it to be committed to memory. Now, when asked to type a longer string of random characters which includes the password, they will automatically type the password string more quickly. The speed at which they type, rather than the keyword itself, tells the computer that they have access. It’s a complex and somewhat confusing strategy, but it seems to work.
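
The timing comparison described above can be sketched as follows. This is an added example, not code from the researchers or from this post; the sample timings are constructed, and the threshold, minimum sample count and function names are assumptions.

```python
from statistics import median

MIN_SPEEDUP = 1.25  # assumed acceptance threshold, not a figure from the article
MIN_SAMPLES = 8     # assumed minimum keystrokes needed in each group


def split_intervals(intervals_ms, trained_spans):
    """Split per-character typing times into (trained, untrained) groups.

    intervals_ms[i] is the time in ms taken to type character i of the
    challenge. trained_spans lists (start, length) positions where the server
    hid the trained string; the user is never shown these positions.
    """
    if any(t <= 0 for t in intervals_ms):
        raise ValueError("intervals must be positive")
    in_trained = [False] * len(intervals_ms)
    for start, length in trained_spans:
        if start < 0 or length <= 0 or start + length > len(intervals_ms):
            raise ValueError("trained span lies outside the challenge")
        in_trained[start:start + length] = [True] * length
    trained = [t for t, hit in zip(intervals_ms, in_trained) if hit]
    untrained = [t for t, hit in zip(intervals_ms, in_trained) if not hit]
    return trained, untrained


def speedup(intervals_ms, trained_spans):
    """Ratio of median untrained to median trained interval (>1 means faster)."""
    trained, untrained = split_intervals(intervals_ms, trained_spans)
    if min(len(trained), len(untrained)) < MIN_SAMPLES:
        raise ValueError("not enough keystrokes to compare")
    # Medians keep one long pause from swamping the comparison.
    return median(untrained) / median(trained)


def authenticate(intervals_ms, trained_spans):
    return speedup(intervals_ms, trained_spans) >= MIN_SPEEDUP


# Constructed sample: 30-character challenge, trained string at positions 10-19.
SPANS = [(10, 10)]
EDGE = [310, 295, 320, 305, 290, 315, 300, 285, 330, 310]
TAIL = [305, 300, 315, 290, 325, 310, 295, 300, 320, 305]
TRAINED_USER = EDGE + [210, 195, 220, 205, 190, 215, 200, 185, 225, 205] + TAIL
STRANGER = EDGE + [300, 310, 295, 305, 290, 315, 300, 320, 285, 310] + TAIL

if __name__ == "__main__":
    for name, sample in (("trained user", TRAINED_USER), ("stranger", STRANGER)):
        print(name, round(speedup(sample, SPANS), 2), authenticate(sample, SPANS))
```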

For more information on the un-crackable password, click here.

For more of Merrill Corporation’s Cyber Security Month, click here.
