CS1701
software verification

always good practice to ensure passwords are unique.

"I can't emphasise enough that passwords must not be reused across websites and multi-factor authentication should always be enabled, if offered by the site. In fact, users should be demanding it from the sites they use. Similarly, businesses need to realise attempts to breach them are inevitable and they should be providing customers with multi-factor authentication as standard, in order to protect against the main cause of data breaches - compromised credentials."

SIGNIFICANT ROLE

"The National Lottery breach highlights the challenge all organisations face today - and reiterates the fact that consumers have a significant role to play in protecting their online accounts," points out Oliver Pinson-Roxburgh, EMEA director at Alert Logic. "Attackers leave digital fingerprints in their network activity or system logs that can be spotted, if you know what to look for, and have qualified people looking for it. Through continuous monitoring, 24x7, and being able to distinguish normal from abnormal, organisations can identify and act against sophisticated attackers.

"A passphrase is also highly recommended, instead of a password. You can take a common phrase and create a pattern that means something to you, then add minor edits, as a way to keep passphrases different. An example is: 'The sun rise is great today'. A simple passphrase could be: Tsr!Gr82day. The passphrase is 11 characters long and contains number, upper/lower case letters and a symbol. The exclamation mark (!) substitutes for the 'i' in the word is. You can add something specific to make the passphrase different on multiple accounts."

REGULATION COMPLIANCE

Finally, David Navin, head of corporate at Smoothwall, comments: "No matter how big or small, all companies must protect their data, and that of their partners and suppliers. They need to comply with regulation and build a layered security defence which spans encryption, firewalls, web filtering and ongoing threat monitoring as well as a proactive stance. Companies need to have all the measures and contingency plans in place so that if a breach does occur, they are able to recover and instil customer confidence as soon as possible."

£3 MILLION PENALTY

And the second blow that Camelot has suffered of late? The financial penalty of £3 million that the Gambling Commission imposed on the company. This followed an in-depth investigation relating to an allegation that a fraudulent National Lottery prize claim had been made and paid out in 2009, but which only came to light last year.

It was found that Camelot had breached the terms of its operating licence in three key aspects: its controls relating to databases and other information sources; the way it investigated a prize claim; and its processes around the decision to pay a prize.

The £3m penalty package was paid by Camelot for the benefit of good causes. This includes £2.5 million to represent the amount that would have been received by good causes had the prize claim not been paid.

If life is a lottery, Camelot will be hoping that it fares better in 2017. That said, it is but one of many organisations that have suffered significant breaches of late - and anyone predicting that this year will see several others fall into the same trap definitely won't need a winning ticket to prove it.

Barry Scott, Centrify: passwords must not be reused across websites.

James Lyne, Sophos: a breach could provide access to your entire online life.

www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2017 computing security<br />