The US government has recently announced that it will be implementing an expansive and comprehensive initiative to integrate a “zero trust” strategy into all agencies. But what exactly does this mean? It’s a goal to introduce better, more secure multifactor and cryptography-based authentication into existing government agencies, which means more security identity checks but fewer obstacles.

Nothing Is Taken For Granted

As the name implies, the “zero trust” strategy works under the assumption that no one should be taken at face value without verification. In this case, however, verification may occur multiple times through different mechanisms and security features, which is a foundation concept of multifactor authentication combined with cryptographic key pairs.

In a traditional “trusted” security system, one verification is enough. The conventional single-password system is a good example of this. A manager, for example, may have complete access to employee records, employee data like bank account numbers and social security numbers, and even credit numbers and mailing addresses of customers via purchasing database. Complete access and control to all this data are granted through inputting the correct password, which could be as complex as a random string of alphanumeric characters or as simple as the manager using the word “password.” Should that single password ever be stolen or guessed by a criminal, all that access and control, the manager has is now transferred to someone else. In some cases, a password isn’t even required. As long as a person logs into a manager’s desktop computer in the office, complete system, network and data access is granted.

The zero trust strategy makes none of these assumptions, and cryptographic multifactor authentication is a cornerstone of this philosophy. Depending on how extensive the zero trust implementation is, it’s not enough to verify a person’s identity logging in. Even the type of connection and device used for the log-in may also need to be confirmed. The person’s identity is then continually checked for high-value events like accessing sensitive data or conducting a payment transaction.

This is especially important in an age where cloud storage and cloud computing-based applications make it possible for a legitimate user to access software and data anywhere. Multi-factor authentication allows someone accessing confidential data from within their own office at corporate headquarters to quickly do the same thing in Japan from their company-issued smartphone. The key difference is that now, even if someone’s password or smartphone is stolen, the cryptographic-based multifactor authentication philosophy of zero trust now has safeguards to prevent one, two, or even three pieces of stolen verification from being enough.

Multiple verification systems can be fast and easy without being cumbersome through biometrics, digital keys, and other design innovations. Learn more here about how Nok Nok’s modern identity and passwordless authentication technology protects today’s multifactor security measures.

One of the biggest liabilities of relying on a single-password system is granting unprecedented control and access to anyone who knows that password. Unfortunately, the only way to reduce the chance of a password being stolen is to make passwords easier to remember, thus making them easier to guess or figure out through criminals’ increasingly more sophisticated and automated methods.

Conversely, making passwords harder to guess through a string of random alphanumeric characters makes them slow, difficult, and inconvenient to use, eliminating their efficiency while at the same time still retaining the risk of relying upon a single password alone to grant access.

FIDO Improves Security With Passwordless Authentication

An alliance of global companies has now joined to form an organization known as The FIDO Alliance, which stands for “fast online identity.” The FIDO protocol creates a compatible cryptographic standard across devices and software platforms to ensure these cryptographic measures are interoperable across browsers, platforms and devices. The goal of FIDO is to enable phishing-resistant passwordless authentication systems while also making user experiences frictionless and seamless.  These modern security technologies make user access faster, easier, more efficient, and more secure than legacy systems based on the collection, storing an input of personal secrets and information like user’s name and password.

FIDO is doing this through a dual-key based authentication system known as key pairs that use asymmetric encryption methods and offers 2-factor authentication in one encrypted user step.

More Than One Mechanism

Symmetric encryption is something most people are familiar with. Something is encrypted or “locked” using a single device, such as a USB key with data on it. Data is encrypted, inaccessible, and unreadable if the key is present. When that same key is present, the data can be accessed and is decrypted so it can be read.

Asymmetric encryption relies on two keys. One is a “public key” that allows users to choose the form of encryption for the data to be protected. The second is the “private key” that must be present for the decryption to take place. 

In other words, even if the public key is duplicated or stolen, it only grants access to the data. The data still can’t be read because it requires the presence of both the right public key and its pair, the private key, to access the data or access software services. The combination of a FIDO key pair system creates an easy passwordless authentication system that eliminates the inconvenience of creating a strong, hard to remember string of random alphanumeric characters and also does away with the knowledge-based authentication system, such as asking people what their mother’s maiden name was for a hint, which could often be gleaned through searching public social media profiles and posts.

If you’re interested in using the FIDO protocol and moving to a passwordless identity and authentication system, read here to learn more.

As the 21^st century processes its first major military engagement with the Ukrainian defense against Russian invasion, it has also revealed that digital warfare plays an important role. Unfortunately, cyber security warfare does not restrict itself to only military targets. This is something that both Ukraine and allies worldwide—including the United States—are now discovering for themselves.

As a result, the Whitehouse has now declared that it will be moving forward aggressively to implement a “zero trust strategy” in the computer networks of all relevant agencies and organizations.

Never Trust and Always Verify For Cyber Security

Ironically, the zero-trust strategy has its roots in the Russian proverb, “trust, but verify.” The implication is that even if you have a person or thing that you trust, you should always take the time to verify that who you are dealing with is who you are expecting.

In terms of cyber security, a zero-trust strategy means that even if a person, account, or piece of hardware previously accepted by a network’s infrastructure is legitimate, there should still be verification of the  authenticity of the user. This is a security protocol that is even more important in today’s wireless world, where a legitimate user can potentially log in from any device anywhere in the world. It’s one thing to have a recognized user come into a secure building with staff that identifies them, and go into their own office and use their computer inside a secure network. It’s a different matter when that same person claims to be logging into a secure database using a smartphone in an entirely different country without any user identity checks along the way.

A Comprehensive But Worthwhile Effort

The initiative to bring multiple government agencies into a modern, zero-trust compliant security framework will not be fast, cheap, or easy. Each agency already has its own established conventions and protocols, so there will have to be a lot of adaptation and evolution to respect the needs of the different organizations.

However, the American government’s willingness to commit to Zero-Trust architectures speaks volumes of the nature of cyber security in the 21^st century. With the continued reliance on easy access anywhere in the world, cloud-based storage and applications, multi-factor authentication, and other elements of the zero-trust strategy have become essential. A single password, once stolen, can surrender vast amounts of data and system control. Multi-factor authentication, cryptographic keypairs and the zero trust strategy ensure that there are extra safeguards.

Modern identity and cryptographic multi-factor authentication is one way to improve your cyber security. Learn more here about Nok Nok’s modern identity and passwordless authentication technology and how it protects multifactor security measures for more peace of mind.

There is both an enormous amount of convenience and speed in using digital payment systems. For the general public, online payments through credit cards or even cryptocurrency enable customers to buy products worldwide that they might otherwise not have local access to. For businesses, online payments negate any possibility of fraudulent payment through counterfeit cash. Every transaction is a legitimate one that uses real funds.

However, just because the actual transactions are legal and legitimate doesn’t mean the person making the purchase is. This is where payment fraud through online transactions is on the rise due to breaches in cyber security.

Identity Theft and Account Takeovers Lead To Payment Fraud

The way payment fraud occurs today has shifted away from traditional strategies like printing counterfeit money and using that false cash to make purchases. Today’s digital criminals look for vulnerable accounts, seize control of them, and then use the funds or payment system associated with those accounts to make purchases. In other words, the money is real, and the account is legitimate, but the person using the account has stolen that access from the rightful owner or is using the account without the owner knowing it.

This results in the victims eventually receiving receipts and other proofs of payment for purchases they never made. It is the cyber security equivalent of someone having their wallet stolen and then the thief using that cash to make purchases.

Rising Fraud

Payment fraud is on the rise in a few key areas, most notably:

• Digital Wallets
• Payment Service Provider Transactions
• Cryptocurrency Transactions
• Buy Now, Pay Later Transactions
• Loyalty Reward Points

Billions of dollars in payment fraud occur every year, and one of the reasons for this is the inadequacy of legacy security systems. A single password-only security system, even with multi-factor authentication enabled, is incredibly vulnerable, especially if a careless customer uses an easily deciphered password. Even when a strong, single password is used, criminals use of “keylogging” can defeat this.

Multi-factor authentication is one addition way to “harden” a system against this type of identity theft. These cyber security measures use additional cyber security components, such as physical-digital “keys” or biometric authentication to add stronger layers of security. Even if a password is stolen, the password alone won’t grant access or control of an account without the additional authentication factors.

The challenge, however, lies in ensuring that cyber security measures provide protection without obstruction. If a security feature makes it too difficult to make a purchase, it does more harm than good. This is where initiatives like Nok Nok’s use of FIDO protocols play an important role. Read here to learn more. 

Despite the careful language of special military operations being used, the undeniable fact is massive military forces have been directed to invade—and in some cases destroy—vast tracts of Ukrainian land. There is now a war raging between the beleaguered nation of Ukraine and the Russian aggressor, but as a key supporter of the Ukrainian defense, America and its businesses are at risk of attacks on their cyber security.

A Battle With Precedent

Ukrainian digital infrastructure has already shown the effects of cyber-attacks. There have been breaches in everything from their electrical infrastructure to transportation-related networks. Over the years, Russia has tested the boundaries of breaking American cyber security, and the US has in turn responded.

However, with open warfare between one country and another, the world is now seeing how the digital space has become a second battlefield, often with secondary but important consequences. And while the United States is not directly participating in the war, its role as a major supporter of Ukraine has put the American digital space in the target sights of Putin’s “gangster diplomacy.”

What To Expect

Four sectors are traditionally the most likely targets for attacks on cyber security. Finance is a surprise to no one, as Russia is now the victim of history-making sanctions. The energy sector is another, as incursions seek to either seize control or lock legitimate users out of power generation. Transportation and aviation are other sectors, as logistics always plays a crucial role in any successful plan or operation.

However, it is crucial to note that Russian cyber-attacks are not just attacks of a deliberate strategy; they are also attacks of opportunity. Russian attacks are not necessarily conducted by individuals targeting only specific, named targets. They actively hunt for vulnerabilities anywhere and will exploit them if found.

This is where reliance on a single-password-only and knowledge-based cyber security system can expose serious vulnerabilities for any business. Multi-factor authentication systems, or even passwordless authentication systems that use other measures like cryptographic biometrics, increase the trust and safety of systems by orders of magnitude. Passwordless systems have no password to be stolen, and for multi-factor authentication systems, a password being compromised no longer means systems and access and control are given. Without those additional factors, such as a one-time randomly generated code, or the detection of a physical-digital key, a system remains inaccessible.

If you’re interested in transformational change to your cyber security, learn more about Nok Nok’s modern identity and passwordless authentication technology, and cryptographic multi-factor security measures for better protection and greater peace of mind.

In recent years, one of the most popular growing trends in finance and technology is the use of “cryptocurrency.” This is a form of digital money with no physical or historical legacy basis in the way that fiat currencies like the dollar possess. Cryptocurrency exists as computer code shared across the Internet, meaning that its value is constantly confirmed and re-confirmed by the entire Internet, making it both easy to transfer and impossible to counterfeit. It is also deregulated and not under the control of any nation or bank, making it an asset that no government can control.

However, this rising popularity has also put it under more scrutiny. The US government is now laying the groundwork to regulate cryptocurrency, and part of the issue is the growing concerns about the cyber security around crypto. It is now experiencing a high rate of theft.

Account Theft

While cryptocurrency can’t be counterfeited the way dollar bills can, it can be stolen more easily than a fiat currency in some respects. One of the popular misconceptions of cryptocurrency is that transactions are extremely difficult to trace, and therefore it has become popular for illegal transactions. However, the fact that crypto-transactions are immutably stored on blockchain makes cybercriminals and theft easier to trace.

However, there is a serious cyber security issue with cryptocurrency, and that is the actual seizing and controlling of an account can be very easy. Depending on the safeguards a cryptocurrency owner takes or doesn’t because they are based on traditional web technologies, crypto accounts can be stolen and the funds transferred elsewhere. In addition, today’s crypto accounts are also vulnerable because a single crypto key is used for both a user’s identity and their account e-wallet address 

Passwords Are Not Enough

One of the ways that cryptocurrency may be extremely vulnerable is if owners leave the security of their currency up to a single password. A single password, once figured out or stolen through methods such as phishing, means the account’s control can be seized, the legitimate user locked out of their own funds, and their cryptocurrency transferred to another account with only painful and costly forensics required to trace and recover it. Cryptocurrency’s greatest selling point – that it is anonymous and unregulated – is also its greatest weakness.

The best way to protect cryptocurrency is to take extra precautions. Multi-factor authentication is one way to make account takeovers more difficult since the addition of other authentication factors renders the theft of a password harder. Switching over to other cyber security measures, such as passwordless authentication systems like modern FIDO biometric authentication, is another way to ensure that typical phishing and identity theft methods fail to penetrate a system. 

As the world relies increasingly on digital storage and access, cyber security measures need to keep up. For the best digital protection and peace of mind,  learn more here about Nok Nok’s modern identity and passwordless authentication and how it protects multifactor security measures.

The University of Sunderland, a tertiary institution located in Northeast England, has become just one more victim in an increasing wave of cyberattacks that have been aimed at universities. In recent months, other schools, such as Newcastle University also in England, and Howard University in Washington DC, United States, have suffered similar threats to their cybersecurity.

In the case of the University of Sunderland, the cyberattack rendered students unable to log in for online, remote/distance learning classes and left staff unable to access their email and other data stored on the university network. The school’s online infrastructure was disabled for five days before restoration operations could bring the network back online and accessible to students and staff.

Universities Are New Targets

As the global pandemic changed the way people lived and worked, especially in school situations that put many young people in close proximity of each other, universities, like other organizations, had to change. Remote learning through the Internet had already made in-roads for some universities and certain courses. However, the pandemic accelerated the use and reliance of these systems, causing universities to lean more heavily on their digital infrastructure.

For many cyber-criminals, this presented new opportunities. Rather than corporations or government agencies with years of experience and “hardened” their cyber security against incursion, universities were viewed as easier targets that now relied on their digital infrastructure to work smoothly more than ever.

Ransomware On The Rise Without Cyber Security

One of the most popular forms of cyberattack in the modern day is known as “ransomware.” Rather than for the purposes of mischief or destruction, ransomware is entirely profit-motivated. In these attacks, hackers successfully bypass cyber security and seize control of a network. They then lock out legitimate users so they can no longer access their own data or manipulate the network.

The hackers then offer to restore control of the network back to the facility provided that their release fee is paid. Depending on how crucial the data is and how quickly it needs to be accessed, this can be very lucrative for digital criminals. Organizations may sometimes determine that it will be cheaper and faster to give in to the demands.

Digital Security Is Crucial

With more and more valuable data being stored digitally on networks, it is more important than ever to ensure access to confidential and critical information is properly protected. Modern cybersecurity is about more than just strong passwords, with multi-factor authentication and anti-phishing measures critical to good network security.

For modern digital protection and peace of mind, learn more about Nok Nok’s multifactor authentication technology and passwordless identity and authentication measures.