Rox Breaux in Search CIO: Use Russian Hackers to Demand Better Security


1.2 billion: That is the staggering number of username and password combinations a gang of Russian hackers stole from 420,000 websites earlier this week, according to Milwaukee firm Hold Security. News of the breach broke in the midst of this week's Black Hat security conference, where no doubt it is taking up a lot of airtime. But what does the billion-plus headline mean for CIOs?

Well, size tends to get people's attention. "If that number is accurate, it could be anywhere from one-sixth to one-third of the entire Internet's population of users," said Ronald Breaux, head of the Privacy and Data Security Group at Haynes and Boone, LLP, an international law firm. He suggests CIOs strike while the outrage is high and hold their bosses and employees to a higher security standard. Now is the time to push for better technology and to insist on security compliance.

Step No. 1? Upgrade your company's website authentication systems.

"CIOs need to start thinking about whether a static, two-factor authentication system is sufficient," Breaux said. He urges companies holding very sensitive data that is reachable online to move to three-factor authentication, with one of the factors being dynamic. This is the model many online banking sites already use: if you log in from an unrecognized computer, the site sends a one-time code by text or email to the phone number or address it already has on file for you, and you enter that code along with your user name and password. A username and password lifted from a breach like this one will not get an attacker past that step on their own, provided the code goes to a contact recorded at enrollment rather than to one the visitor types in at login time.
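The flow described above, as an added example that is not code from the Search CIO article or from Haynes and Boone: a login service that accepts a password, skips the extra step for devices it has seen before, and otherwise issues a short-lived one-time code to the contact recorded at enrollment. The user record, the device identifiers, the contact address and the `send_code` delivery hook are all constructed for the demo; the PBKDF2 iteration count is kept modest so the example runs quickly.

```python
"""Step-up login: password plus a dynamic one-time code on unrecognized devices.

Added example (not the article's or any vendor's code). The one design
point it insists on: the code is delivered to the contact *on file*, never
to a number or address supplied in the login request, because an attacker
holding a stolen password could otherwise route the code to themselves.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

CODE_TTL_SECONDS = 300          # one-time code lifetime
MAX_CODE_ATTEMPTS = 3           # guesses allowed per issued code
PBKDF2_ITERATIONS = 50_000      # kept low for the demo; raise in production


@dataclass
class User:
    username: str
    password_hash: bytes
    salt: bytes
    contact_on_file: str                          # recorded at enrollment (constructed)
    known_devices: set = field(default_factory=set)


@dataclass
class PendingChallenge:
    code_hash: bytes
    expires_at: float
    attempts_left: int = MAX_CODE_ATTEMPTS


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def enroll(username: str, password: str, contact: str) -> User:
    salt = secrets.token_bytes(16)
    return User(username, hash_password(password, salt), salt, contact)


class AuthService:
    def __init__(self, send_code):
        self.users = {}
        self.pending = {}
        self.send_code = send_code   # out-of-band delivery hook, e.g. SMS or email gateway

    def register(self, user: User) -> None:
        self.users[user.username] = user

    def login(self, username: str, password: str, device_id: str):
        """Return ("ok", None), ("challenge", None) or ("fail", reason).

        Note there is deliberately no 'contact' parameter: the caller cannot
        choose where the code is sent.
        """
        user = self.users.get(username)
        if user is None:
            return ("fail", "bad credentials")
        if not hmac.compare_digest(hash_password(password, user.salt), user.password_hash):
            return ("fail", "bad credentials")
        if device_id in user.known_devices:
            return ("ok", None)
        # Unrecognized device: issue the dynamic factor. Only a hash of the
        # code is stored, so a leaked pending table does not reveal live codes.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = PendingChallenge(
            code_hash=hashlib.sha256(code.encode()).digest(),
            expires_at=time.time() + CODE_TTL_SECONDS,
        )
        self.send_code(user.contact_on_file, code)
        return ("challenge", None)

    def verify_code(self, username: str, device_id: str, submitted: str):
        """Check the submitted code; on success remember the device."""
        ch = self.pending.get(username)
        if ch is None:
            return ("fail", "no pending challenge")
        if time.time() > ch.expires_at:
            del self.pending[username]
            return ("fail", "code expired")
        ch.attempts_left -= 1
        if not hmac.compare_digest(hashlib.sha256(submitted.encode()).digest(), ch.code_hash):
            if ch.attempts_left <= 0:
                del self.pending[username]       # burn the code after too many guesses
                return ("fail", "too many attempts")
            return ("fail", "wrong code")
        del self.pending[username]               # single use
        self.users[username].known_devices.add(device_id)
        return ("ok", None)


def demo() -> dict:
    """Walk one user through the flow and return each step's result."""
    outbox = []                                  # stands in for the SMS/email gateway
    svc = AuthService(send_code=lambda dest, code: outbox.append((dest, code)))
    svc.register(enroll("alice", "correct horse battery", "+1-555-0100"))  # constructed
    r = {}
    r["wrong_pw"] = svc.login("alice", "wrong", "laptop-1")
    r["new_device"] = svc.login("alice", "correct horse battery", "laptop-1")
    r["sent_to"] = outbox[-1][0]
    svc.pending["alice"].expires_at = 0          # simulate the code's TTL elapsing
    r["expired"] = svc.verify_code("alice", "laptop-1", outbox[-1][1])
    svc.login("alice", "correct horse battery", "laptop-1")   # fresh challenge
    real = outbox[-1][1]
    r["wrong_code"] = svc.verify_code("alice", "laptop-1", "000000" if real != "000000" else "000001")
    r["right_code"] = svc.verify_code("alice", "laptop-1", real)
    r["replayed_code"] = svc.verify_code("alice", "laptop-1", real)
    r["known_device"] = svc.login("alice", "correct horse battery", "laptop-1")
    return r


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:14} {result}")
```

The `device_id` is whatever the site uses to recognize a browser (typically a random token set in a cookie at first successful verification); binding it to the account only after the code is accepted is what makes the "unrecognized computer" check meaningful.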

Excerpted from Search CIO, August 11, 2014. The full article is available from Search CIO (subscription required).