Why are organizations struggling with cyber security?

Answer: Because there is no simple answer

Some of the reasons for heightened concern are obvious, as hackers have successfully attacked the databases of the federal government and Fortune 500 companies. Indeed, we’re all painfully aware that hacking has become a sport to many and is championed in certain countries. Yet based upon recent trends, we’re learning that most organizations are focusing on strengthening their internal security policies and procedures. Disgruntled employees and outliers present the biggest and most immediate threat to the enterprise.

Yet to date, no one seems to have the perfect solution to thwart identity theft, fraud and hackers alike.   There simply seems to be no unified commercially viable solution to combat the ongoing threats to cyber security. Or is there?

I came to the realization that one key reason enterprise cyber security is so hard to get your arms around is that it’s a relatively new concept. Consider the early days of the internet, which included very basic functionality and no e-commerce or online banking options. The earliest documented online data breaches occurred between 2005 and 2007, when ChoicePoint had 168,000 customer records compromised and TJ Maxx was breached by mastermind Alfred Gonzalez.

Note that experimental hacking took place around the turn of the century, but it wasn’t until 2010 that the hackers started to cause significant harm and attention was drawn to the overall economic impact.  Since then billions of dollars have been involved and leading brands have suffered irreparable damage.

Let’s be honest, we’ve all benefitted from the countless advances in online capabilities. The quality of communication, video, resources, search speeds and overall user experience continues to advance year to year, month to month and, some might say, day to day. Yet as we get caught up in the bells and whistles of new applications and online services with no boundaries, we forget to slow down and put security FIRST rather than last.

Doesn’t it seem that many security policies and platforms are being developed in a reactionary manner? Unfortunately, in the past, IT leaders and developers thought that passwords would provide the necessary layer of security to protect these newfound capabilities. The simplicity and ubiquity of passwords put developers in a malaise and delayed the widespread adoption of alternate technologies until the advent of the token for enterprise security and, subsequently, finger biometrics in 2014 with the iPhone and Samsung Galaxy devices for consumers. Thus it doesn’t appear that passwords are enough to protect the front door of today’s online world.

Studies, too numerous to note, have stated that biometrics and biometric technology are now in the spotlight. Enterprise customers are following the lead of Apple and Microsoft and are opening their eyes and ears to the benefits of incorporating biometric technology for both security and convenience. Also, as traditional methods of security and user authentication fail us, biometrics continue to emerge as a logical solution.

Security has now become a key focal point, such that board directors at leading companies are currently engaged in decisions about cyber security. A research study conducted by Osterman Research, which included 125 executive board members, revealed that 89% of them are actively involved in the cyber security strategy for their company. But that same survey also uncovered some conflicting opinions, indicating that 70% of the board members claimed that they have a sound understanding of the security options presented by the company’s IT executives. Yet when those same IT executives were surveyed, they expressed that only 33% of the board members truly “get it”.

Consider this: today most consumers and the enterprise applications they access are relying upon passwords or simple strokes on a keyboard to identify someone. Others are relying upon a plastic card to prove identity, while some rely on a PIN to prove who they are, yet all of these options are static with no real tie to the “human being”. None of these solutions are unique; certainly none is as unique as your fingerprint or other biometric.

The Platters said it best with their hit song from the 60’s “Only You” as the words chimed “only you and you alone.” You see that’s what biometric authentication delivers! It assures any organization that the person accessing the data is “only you and you alone”. Other methods of authentication simply can’t make the same claim.

How about the disgruntled employee that deals with customers on a daily basis? He or she may not be as willing to steal customer credit card information because their fingerprint associates them with the customer interaction, therefore any fraudulent behavior can be easily tracked back to them. How about that outlier? Well, now they’re not going to download a customer database, because the IT department will associate them with the breach of company policies.

Biometrics represent the great divide.  It’s what separates me from you and you from me and it might be what separates enterprises from cyber security threats.