The national economic protection strategy in Germany and real life

When it comes to security, public authorities in any country also want to represent their interests, some more intensively than others. Germany is not lacking in initiatives and organizations that want to help companies with digital security. Unfortunately, the wheels of public administration can turn very slowly, as the recently unveiled national economic protection strategy shows. In addition to the key associations BDI and DIHK, different security agencies in Germany are involved in the initiative, including the Federal Office for the Protection of the Constitution, the Federal Criminal Police and the Federal Office for Information Security. Although the initiative was announced in August 2013, it took nearly three years until a significant concept was presented this week. On the whole, the national economic protection strategy is not much more than brochures and explanatory films that are intended to raise awareness of security threats among SMEs – not just in the field of IT. Practical measures such as financial support for companies to hire certified security consultants or implement security projects are lacking. Raising awareness of security threats, whether physical or virtual through cyberspace, is never a bad thing.

Open Haus: Multi-Factor Authentication [VIDEO]

NCP has been present at a number of industry events throughout the year, from it-sa in Nuremberg to SC Congress in New York to INTERFACE in Denver. While these gatherings offer great opportunities for reconnecting with our friends and partners, as well as reaching out to new clients, they also provide an invaluable time for taking the industry’s temperature, so to speak. And if there was one thing we found that was on nearly everyone’s minds this year, it was the growing need for two-factor (or multi-factor) authentication.

As data breaches caused by spear-phishing and social engineering tactics have become both more frequent and more damaging, multi-factor authentication emerges as a common sense solution for reducing the success rate of these cyberattacks. Unfortunately, it’s not as simple as flicking a switch. Cybersecurity budgets may be increasing, but IT professionals are still struggling with the amount of resources they have, and are unsure about where to shift their priorities. How to implement multi-factor user authentication, or how to determine which VPN or defense-in-depth solution offers the best multi-layer fit for your organization, are all pain points for enterprises.

How It Works

That’s what gives NCP Secure Enterprise Management (SEM) such a leg up on the competition. Unlike other secure remote access VPN providers, NCP’s solution provides integrated multi-factor authentication safeguards to help give your organization greater peace of mind. Protecting login information with just a username and password isn’t safe anymore; it’s all too easy for hackers to guess their way around these, especially when so many users have simple passwords to begin with. Two-factor or multi-factor authentication setups, instead, require...

CIA Director’s Hacked Email Shows Need for Multi-Factor Authentication

There’s a certain irony to the way the U.S. government approaches encryption and data privacy for its citizens, while simultaneously falling victim to major data breaches itself through embarrassing security lapses. Up until recently, law enforcement agencies like the FBI had lobbied hard for companies like Apple and Google to be forced to program encryption “backdoors” into their services, like iMessage, so that they could listen in on the otherwise-blocked communications of suspected criminals or terrorists. Silicon Valley’s response (and what the White House eventually sided with) was that opening a “backdoor” for law enforcement is tantamount to ultimately opening a backdoor for anyone. The FBI and NSA counter-argued that they would be in control of the keys to those doors, and that user data would be safe with them. That was a hard argument for privacy advocates to accept then, and it’s even less likely to win over anyone now in light of a new data breach scandal. The Guardian recently reported that a pair of hackers managed to access the personal AOL email account of John Brennan, director of the CIA. Not only that, but the data that was compromised through the breach – which included the names, contact information, security clearances and Social Security numbers of around 20 CIA employees – was leaked and published to Twitter. While the contents of these emails were, in Fortune’s words, “mundane” and “peanuts as far as actual revelations and public interest is concerned,” the fact remains that a pair of reportedly teenage hackers managed to hack into the email account of the U.S. Director of Central Intelligence. The joke...

[WEBINAR] Two-Factor Authentication for Tighter VPN Security

If you think that passwords for online profiles are effective at preventing security breaches, consider these two new statistics:

- The average person has 19 passwords
- Four in five people say they forget their passwords

To counter password forgetfulness, users often take steps that leave network administrators cringing. They may duplicate one password over multiple accounts. They could use birthdays or other numbers that can be easily guessed. Or they might write them down, sometimes in plain sight. Actions like these make it that much easier for attackers to successfully breach a network, and indeed, many recent breaches share a common origin – an employee’s password that was copied, discovered or given away. To counter this wave of password theft, an avalanche of popular sites and apps, including Google, Amazon, Facebook and now even Snapchat, have replaced one-dimensional passwords with a form of user login credentials that help better protect sensitive information.

Enter two-factor authentication. This approach combines two (or more) methods of credentials authentication to establish the unambiguous identification of each user, including:

- Something Users Know: Password, PIN, one-time password (OTP), certificate
- Something Users Have: Token or calculator (with OTP), soft token, text message (with OTP), machine/hardware certificate, smartcard, trusted platform module (TPM)
- Something Users Are: Fingerprint, face recognition, iris recognition, keystroke dynamics

Network administrators have all these options at their disposal, and the idea is to pick at least one form of authentication from two of the lists. An administrator may even pick a factor from all three lists, or combine multiple items from each. With this additional protection, users gain the convenience of anywhere-anytime access without...

Two’s (or More) Company: How to Use Two-Factor Authentication the Right Way

These days, you need a password to access every aspect of your digital life, and we all know how problematic that can be. You can either come up with a unique (albeit difficult-to-remember) password for every website, or use easy passwords, or even duplicates, that leave your accounts insecure. Fortunately, many prominent websites today – Dropbox, Google, Apple, Facebook and PayPal – support a security approach known as two-factor or multi-factor authentication. And it’s easy to see why. This process enhances security by adding another step (or more) to the user verification process, making even risky passwords much stronger.

That’s because in addition to the factor that a user knows (a password), every login attempt requires the user to supply a factor he or she owns, such as a one-time access code or PIN sent to their mobile device via SMS text or email, and/or one that reflects who they are, like a fingerprint. Through this relatively simple extension of the traditional authentication scheme, a lost or stolen password becomes useless to a hacker. No successful login is possible without the additional factor or factors.

If your security demands are higher than average, it’s also important to generate the second authentication code, or OTP, only when the user has already started the session and the first factor has been exchanged successfully. It might be simpler to implement and roll out tokens with pre-fabricated codes; this kind of implementation is inherently easier to compromise, although it is still almost impossible to break. As a rule, token solutions require a seed that contains the base data for generating the...

Two-Factor Authentication Transforms Even ‘123456’ Into a Secure Password

Since 2011, the same two passwords have ranked as the most common (and worst) among users. Care to take a guess as to what they are? You don’t have to be a savvy hacker to figure them out – “123456” and “password” have again topped the list this year. The good news is the prevalence of these two passwords in particular has fallen quite a bit, from 8.5 percent of all passwords in 2011 to less than 1 percent now. As a password to an individual’s Facebook or Tumblr account, these are probably adequate. The accounts they’re “protecting” are low-profile, unlikely targets, and hackers wouldn’t really gain much from breaking into them anyway. It’s a different story when a user sets up a work-related email or credit card account – much more likely targets of attackers – using these easy-to-crack passwords. Instead of using brute force and repeatedly trying passwords, hackers barely have to break a sweat or exert any effort. They can simply type in “1-2-3-4-5-6” or “p-a-s-s-w-o-r-d” and they’ll be granted entry on their first try. A gold mine of information suddenly materializes right at their fingertips. At first glance, network administrators appear to have a few different courses of action to prevent these types of weak passwords and shore up their network security. They could try employee education – teaching their workforce best practices when it comes to setting up their credentials. Or they could provide them with tools that both randomly generate secure passwords and then store them securely for easy recall. The problem with each of these solutions is that they’re really just temporary...