In recent years, one of the most popular growing trends in finance and technology is the use of “cryptocurrency.” This is a form of digital money with no physical or historical legacy basis in the way that fiat currencies like the dollar possess. Cryptocurrency exists as computer code shared across the Internet, meaning that its value is constantly confirmed and re-confirmed by the entire Internet, making it both easy to transfer and impossible to counterfeit. It is also deregulated and not under the control of any nation or bank, making it an asset that no government can control.

However, this rising popularity has also put it under more scrutiny. The US government is now laying the groundwork to regulate cryptocurrency, and part of the issue is the growing concerns about the cyber security around crypto. It is now experiencing a high rate of theft.

Account Theft

While cryptocurrency can’t be counterfeited the way dollar bills can, it can be stolen more easily than a fiat currency in some respects. One of the popular misconceptions of cryptocurrency is that transactions are extremely difficult to trace, and therefore it has become popular for illegal transactions. However, the fact that crypto-transactions are immutably stored on blockchain makes cybercriminals and theft easier to trace.

However, there is a serious cyber security issue with cryptocurrency, and that is the actual seizing and controlling of an account can be very easy. Depending on the safeguards a cryptocurrency owner takes or doesn’t because they are based on traditional web technologies, crypto accounts can be stolen and the funds transferred elsewhere. In addition, today’s crypto accounts are also vulnerable because a single crypto key is used for both a user’s identity and their account e-wallet address 

Passwords Are Not Enough

One of the ways that cryptocurrency may be extremely vulnerable is if owners leave the security of their currency up to a single password. A single password, once figured out or stolen through methods such as phishing, means the account’s control can be seized, the legitimate user locked out of their own funds, and their cryptocurrency transferred to another account with only painful and costly forensics required to trace and recover it. Cryptocurrency’s greatest selling point – that it is anonymous and unregulated – is also its greatest weakness.

The best way to protect cryptocurrency is to take extra precautions. Multi-factor authentication is one way to make account takeovers more difficult since the addition of other authentication factors renders the theft of a password harder. Switching over to other cyber security measures, such as passwordless authentication systems like modern FIDO biometric authentication, is another way to ensure that typical phishing and identity theft methods fail to penetrate a system. 

As the world relies increasingly on digital storage and access, cyber security measures need to keep up. For the best digital protection and peace of mind,  learn more here about Nok Nok’s modern identity and passwordless authentication and how it protects multifactor security measures.

The University of Sunderland, a tertiary institution located in Northeast England, has become just one more victim in an increasing wave of cyberattacks that have been aimed at universities. In recent months, other schools, such as Newcastle University also in England, and Howard University in Washington DC, United States, have suffered similar threats to their cybersecurity.

In the case of the University of Sunderland, the cyberattack rendered students unable to log in for online, remote/distance learning classes and left staff unable to access their email and other data stored on the university network. The school’s online infrastructure was disabled for five days before restoration operations could bring the network back online and accessible to students and staff.

Universities Are New Targets

As the global pandemic changed the way people lived and worked, especially in school situations that put many young people in close proximity of each other, universities, like other organizations, had to change. Remote learning through the Internet had already made in-roads for some universities and certain courses. However, the pandemic accelerated the use and reliance of these systems, causing universities to lean more heavily on their digital infrastructure.

For many cyber-criminals, this presented new opportunities. Rather than corporations or government agencies with years of experience and “hardened” their cyber security against incursion, universities were viewed as easier targets that now relied on their digital infrastructure to work smoothly more than ever.

Ransomware On The Rise Without Cyber Security

One of the most popular forms of cyberattack in the modern day is known as “ransomware.” Rather than for the purposes of mischief or destruction, ransomware is entirely profit-motivated. In these attacks, hackers successfully bypass cyber security and seize control of a network. They then lock out legitimate users so they can no longer access their own data or manipulate the network.

The hackers then offer to restore control of the network back to the facility provided that their release fee is paid. Depending on how crucial the data is and how quickly it needs to be accessed, this can be very lucrative for digital criminals. Organizations may sometimes determine that it will be cheaper and faster to give in to the demands.

Digital Security Is Crucial

With more and more valuable data being stored digitally on networks, it is more important than ever to ensure access to confidential and critical information is properly protected. Modern cybersecurity is about more than just strong passwords, with multi-factor authentication and anti-phishing measures critical to good network security.

For modern digital protection and peace of mind, learn more about Nok Nok’s multifactor authentication technology and passwordless identity and authentication measures.

Nicholas Chaillan worked as a software chief for the United States Air Force and was assigned to the Pentagon to modernize the organization’s digital security in August of 2018. In September of 2021, he resigned from his post and claimed, “We have no competing fighting chance against China in 15 to 20 years. Right now, it’s already a done deal; it’s already over, in my opinion.”

Chaillan’s concerns stem from two major issues. The first and most important is that the United States military does not take the threat to digital security seriously enough and was unwilling to commit the funds that would have been necessary for adequate protection against military-grade digital incursions.

“I am just tired of continuously chasing support and money to do my job,” he said. “My office still has no billet and no funding, this year and the next.”

The other concern Chaillan had was the Pentagon’s reluctance to recognize that the next looming threat in digital security was not conventional attacks like “phishing” to illicitly secure passwords, but instead, the threat comes from next-generation, highly sophisticated digital attacks reliant on artificial intelligence to penetrate systems that still don’t use newer techniques like biometrics.

While not true artificial intelligence in the sense of software that can think autonomously, AI refers to increasingly complex algorithms capable of finding patterns and solving problems. When directed for offensive purposes, AI can be used for digital reconnaissance, such as scanning and compiling social media profiles to construct a digital “alias” of a trusted individual. It can be used to intelligently guess passwords, reducing brute force time by accessing profiles of relevant individuals. For systems not using biometrics, this collects a list of potentially useful keywords, and uses those in alphanumeric combinations for user-ID/password combinations.

Chaillan contends that China is aggressively pursuing AI in a cyber warfare capacity. They are putting in both the money and eliminating any professional or ethical barriers that might slow progress. Conversely, the United States is experiencing difficulties in this same area as expertise from companies like Google is withdrawn on ethical grounds, such as when Google objected to the use of its technology to increase the precision of drone targeting systems.

Digital Warfare Continues To Evolve

As with real-world defensive and offensive measures, digital attack and defense are in a constant state of new measures being developed requiring new countermeasures to repel. With increasingly sophisticated and automated phishing attacks, relying exclusively on 40 year old legacy password security technology is no longer be enough. If you’re still relying on a legacy password security technology and want to upgrade your network to modern identity and authentication security technology, (including the new global standard of key-pair biometrics), look at Nok Nok products for secure, password-free cyber authentication solutions. The largest global financial brands depend on Nok Nok’s modern auth platform for improving and protecting customer trust.

Insurance companies around the USA are now following an alarming trend of increasing premiums on hacking and digital security breach coverage while providing less coverage when these issues occur. When it comes time to renew a policy for digital security, some companies are now facing as much as a 300% increase for budgeting in this contingency. A major reason for the increase is the rising number of successful attacks, forcing insurers to pay out to clients. Throughout the pandemic, as various organizations have moved work and data to local networks and even to cloud-based networks to facilitate data sharing, digital intrusions have increased. Ransomware and similar attacks have plagued many sectors, including construction, healthcare, government, and education that have failed to upgrade to more secure forms of protection like multifactor authentication.

More Measures Required Like Multifactor Authentication

Insurance companies themselves are becoming increasingly stringent when it comes to even considering giving coverage to a company for digital security. For example, many insurance companies won’t approve an application from a company that doesn’t use MFA, or multifactor authentication, a verification system that relies on more than just a person using only a single password to gain access to a network. Single password systems are incredibly vulnerable and far more prone to a successful intrusion than networks using MFA protocols.

Insurance companies are now also using their own scanning and digital reconnaissance technologies to “audit” the networks of potential clients and see how vulnerable they are. This has played a role in how insurers determine the monthly rates for the premiums a company must pay if they are serious about getting insured against cyber attacks.

Cyber Attacks Are Real And On The Rise

The days when only large companies or government agencies had to worry about hacking or other forms of digital intrusion are over. As more and more businesses of every size—and even private citizens—move more of their crucial data into the digital space, it becomes more lucrative for criminals.

Identity theft, where other individuals use personal identity details like credit cards and social insurance numbers, is rising. Ransomware, where network access and other critical functions are taken over and locked out until money is paid, is also hitting more companies. Network security is a real concern for any person or organization collecting and storing important, sensitive, or confidential data digitally. Legacy security systems based on single-passwords and personal information (knowledge-based access) is proving to be insufficient to protect against modern digital threats that are increasingly more sophisticated and automated. If you’re interested in upgrading your legacy security systems to modern FIDO-based multifactor authentication, Nok Nok has a variety of platform solutions and is trusted by the biggest financial institutions for protecting their customer’s identity and authentication.

The world is now experiencing a time of conflict unlike anything seen in years, but because this is a modern-day, 21st-century clash, the war is not just being fought on a physical battlefield but also a digital one. As the invasion of Ukraine began official state hackers from both Russia and the West engaged in digital warfare, as did independent organizations such as “Anonymous,” a rogue hacking collective that has decided to stand against Russian cyber warfare.

Unfortunately, the worlds of military, corporate and civilian government data spaces are now considered fair game for state-level cyberattacks, funded and driven by government agencies. Now some companies are taking a stand.

Google Intervenes

Google, one of the premier technology companies globally for data management and analytics, is now providing security keys to groups and individuals to help protect them against cyberattack activity. They are distributing 10000 Titan security keys to individuals like journalists, whistleblowers, government officials, and others with sensitive or confidential data to encrypt and protect systems against intrusion and spying.

A Titan security key is an added level of encryption and access control. It is two devices, one a USB card shaped like a key, a Bluetooth device that functions similarly for wireless connections. This adds an extra level of multifactor authentication to an account. In addition to inputting a password to access data on, for example, a Gmail account, an account linked to a Titan security key would require the presence of the USB key plugged into the computer or a confirmed connection to the Bluetooth version for verification.

In other words, like with older multifactor authentication, methods that require a one-time code sent to a phone as an added layer of security, a Titan key system means that even if a password has been stolen through phishing or other means, the data can’t be accessed without a Titan security key to open the second “lock” on the data.

Multifactor Authentication Is The Best Defense

What Google and many other technology companies are discouraging is the use of only a single password to gain access to data and control of systems. A single password means that everything from identity theft, spying on confidential data, and outright seizure of control of systems is possible once that password is discovered.

Now that government agencies like Russia’s GRU are going after many systems and data, security is more important than ever.  If you’re still relying on a legacy password security technology and want to upgrade your network to modern identity and authentication security technology, (including the new global standard of key-pair biometrics), look at Nok Nok products for secure, password-free cyber authentication solutions. The largest global financial brands depend on Nok Nok’s modern auth platform for improving and protecting customer trust. 

Cyber attacks do not only target private individuals, but they can also represent increasingly sophisticated and persistent threats to national security. Billions of dollars are spent on legacy security annually, yet data breaches and theft are accelerating. Many institutions and organizations have suffered. That is why it is important to leverage modern security technologies and zero-trust architectures across sectors.

Becoming More Proactive

In its bid to address exposed areas of weakness in US digital infrastructure, the United States Federal Government updated its cyber security strategy.  In January 2022, President Biden signed Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity. With this modern approach to cyber security, the US Federal Government boldly transitions from incremental improvements to legacy perimeter-based defenses – to significant investment in modern “zero-trust” architectures that never trust and always verify “anything and everything attempting to establish system and data access.”

Aiming for Safer Cyber Infrastructure

When multifactor authentication (MFA) was added to legacy knowledge-based-access (KBA) that is based on the storing and passing of passwords and other personal secrets, there was indeed, a measurable reduction in risk to digital systems and data compared to single factor authentication.

However, the attack strategies of bad actors (attack vectors) evolved such that today, these legacy KBA methods, even with MFA, no longer protect against sophisticated phishing attacks that easily fool account owners into providing account credentials to the attackers. Once a legitimate account is taken over (such as the case in the ransomware attack against Colonial Pipeline), it is very hard for any system to detect a bad actor before significant damage is done, data is stolen, or malicious code is embedded that creates security vulnerabilities at a later time (such as the case with the Solarwinds supply chain attack.)

In a very bold move and positive development for the modern identity and authentication industry, our nation’s new cyber security executive order recommends that federal agencies achieve zero trust security goals with strong, FIDO-based MFA by the end of Fiscal Year (FY) 2024, with plans for implementation due within 60 days.

Among other requirements for networks, devices, endpoints plus encryption for data and DNS traffic, the directive includes centralized enterprise-managed identities with phishing-resistant MFA to protect users from sophisticated attacks (including both PIV credentials and FIDO2 Web authentication (known as “WebAuthn”) created by the FIDO Alliance and published by the World Wide Web Consortium (W3C). The directive also includes enterprise-wide identity systems based on zero trust architecture that always verifies users before granting access.

Strong Defense for All

In a push for safer cyberspace infrastructure, the US Federal Government joins the thousands of enterprises that are leaving legacy KBA and perimeter-based security thinking behind in favor of modern and strong MFA identity and authentication.

As the world continues to see a massive proliferation in devices and network connectivity, technological advancements are required to address the growing challenges in fighting cyber threats and risks. Nok Nok Inc in partnership with the global FIDO Alliance they founded, is among those at the forefront of this fight.

The FIDO Alliance is an open industry association that develops and promotes authentication standards. At the same time, it also pushes for safer and more convenient cyber security measures for the end-user. Thus, making it a mission to reduce people’s insecure and over-reliance on legacy password and KBA-based system access. Learn about Nok Nok’s industry-leading FIDO platform for strong user and IoT authentication here.

Billions of dollars are spent on legacy perimeter-based security annually, yet data breaches and theft continue to accelerate. These security risks are among the threats that institutions, especially those dealing with finance, need to address. Not only will solutions protect the organization itself, but they will also ensure the trust and safety of consumers – a top five 2022 priority among VP, C-suite and other enterprise executives.

Going Password Free

For many years, we have been relying on the use of passwords and knowledge-based-access (KBA) to verify user identity before granting system access. With its addition, while MFA has helped in protecting users against many types of attacks, the attack strategies of criminals evolved to find additional ways to take over accounts and conduct data breaches and identity theft.

Modern, phishing-resistant authentication (also referred to as “passwordless authentication”) is now a leading priority to improve security. Generally, it involves a consumer-centric approach to verify user identity without the need to capture, store and transmit passwords, personal secrets and other sensitive user data. This modern authentication approach involves cryptographic keypairs combined with one-time passwords (OTPs) and device-level biometrics that verify users on devices requesting access to digital services in a way that dramatically decreased user friction related to account setup and sign-in.

The advantages of going password-free can be experienced by both the institution and the users. As it offers dramatically reduced user-friction with defense-grade security, both the user experience and enterprise performance improve significantly. Enterprises implementing modern, phishing-resistant identity and authentication report authentication success rates of 99.5%, speed improvements in account signup and authentication of 50% or more and decreases in CSR calls and password resets of 60% or more. Both users and enterprises report dramatically improved consumer satisfaction in high value operating environments and payment transactions.

Nok Nok and Passwordless Authentication

Joining multiple members of the financial technology industry, Nok Nok participated in the recently conducted Authenticate 2021. Aside from being a participant, Nok Nok also served as a presenter.

During the presentation, attendees have seen some examples of real-world applications of password-free authentication. These are all based on Nok Nok’s customers’ experience.

• Intuit TurboTax®: The partnership between Intuit and Nok Nok has addressed the former’s problem with a high level of friction during the creation of a new account. By leveraging the mobile App for passwordless Sign-Up, the company has seen a 10% increase in Sign-Up conversions. The Sign-Up time has also shown a 50% reduction.

• T-Mobile: Forgotten passwords and account pins are among the problems many users experience. By incorporating FIDO-based biometrics and out-of-band push authentication, there has been at least a 65% reduction in account recovery requests within three months.

• Fintech: Among the common problems causing friction to user experience is the complex login requirements, such as the use of passwords and SMS OTPs. Enhancing platform authenticators through FIDO passwordless authentication during web Sign-In, the Sign-In speed increased by 8x. Additionally, there was a 40% increase in users during the first month.

• Major Bank: Financial institutions are also increasingly targeted by cyberattacks, especially for fraudulent activities. The use of modern FIDO biometrics and application pins for secure access via a mobile app has helped reduce fraud incidents. The app user reviews rating has also seen an improvement. Since one-time password resets are dramatically reduced, OPEX costs of decreased SMS OTP were reduced as well.

• TEPCO Power Grid: Ensuring security is a must for the power grid. However, encouraging the use of complex passwords which are deemed “secure” slows down maintenance workers. To address this problem, Nok Nok and TEPCO leveraged modern web browser and device biometric authentication. Not only did this approach offer safe Sign-In experiences, but it also increased the speed and simplicity of account registration, account creation and sign-in as well.