Firms must take blame for security breaches, says KPMG

Companies that are compromised by hackers cannot afford to shift responsibility to customers for “weak” passwords, says security researcher Yiannis Chrysanthou.

Rather than focussing on something the user knows, like a password, they should focus on introducing multi-factor authentication based on something the customer has, like a smartcard, or something a customer “is,” like fingerprint verification, in order to make credential theft and impersonation much harder.

Chrysanthou, who is part of KPMG’s cyber security team, made the comments in response to a series of high-profile attacks on internet-based businesses. “Organisations seem to believe that if they force users to pick long complex passwords and then store them only in their cryptographically hashed formats, they are relatively safe,” he said. “The reality is that we hear of password breaches time and time again, and this needs to change!”

The problem with focussing on passwords, says Chrysanthou, is that these are often encrypted and stored in a database alongside usernames and emails. Once hackers have stolen and published the database, these cryptographic algorithms are often hacked within a matter of days.

“Multi-factor authentication will block traditional attacks relying on guessing or stealing a user’s password because the password itself will no longer be sufficient. Of course this extra security comes with increased investment but the improved customer protection makes it viable and valuable,” he said.

 
