CS1701

software verification
always good practice to ensure
passwords are unique.
"I can't emphasise enough that
passwords must not be reused across
websites and multi-factor authentication
should always be enabled, if offered by
the site. In fact, users should be
demanding it from the sites they use.
Similarly, businesses need to realise
attempts to breach them are inevitable
and they should be providing customers
with multi-factor authentication as
standard, in order to protect against the
main cause of data breaches -
compromised credentials."
SIGNIFICANT ROLE
"The National Lottery breach highlights
the challenge all organisations face
today - and reiterates the fact that
consumers have a significant role to play
in protecting their online accounts,"
points out Oliver Pinson-Roxburgh,
EMEA director at Alert Logic. "Attackers
leave digital fingerprints in their network
activity or system logs that can be
spotted, if you know what to look for,
and have qualified people looking for it.
Through continuous monitoring, 24x7,
and being able to distinguish normal
from abnormal, organisations can
identify and act against sophisticated
attackers.
"A passphrase is also highly
recommended, instead of a password.
You can take a common phrase and
create a pattern that means something
to you, then add minor edits, as a way to
keep passphrases different. An example
is: 'The sun rise is great today'. A simple
passphrase could be: Tsr!Gr82day. The
passphrase is 11 characters long and
contains number, upper/lower case
letters and a symbol. The exclamation
mark (!) substitutes for the 'i' in the word
is. You can add something specific to
make the passphrase different on
multiple accounts."
REGULATION COMPLIANCE
Finally, David Navin, head of corporate
at Smoothwall, comments: "No matter
how big or small, all companies must
protect their data, and that of their
partners and suppliers. They need to
comply with regulation and build a
layered security defence which spans
encryption, firewalls, web filtering and
ongoing threat monitoring as well as a
proactive stance. Companies need to
have all the measures and contingency
plans in place so that if a breach does
occur, they are able to recover and instil
customer confidence as soon as
possible."
£3 MILLION PENALTY
And the second blow that Camelot has
suffered of late? The financial penalty
of £3 million that the Gambling
Commission imposed on the company.
This followed an in-depth investigation
relating to an allegation that a
fraudulent National Lottery prize claim
had been made and paid out in 2009,
but which only came to light last year.
It was found that Camelot had breached
the terms of its operating licence in
three key aspects: its controls relating
to databases and other information
sources; the way it investigated a prize
claim; and its processes around the
decision to pay a prize.
The £3m penalty package was paid by
Camelot for the benefit of good causes.
This includes £2.5million to represent
the amount that would have been
received by good causes had the prize
claim not been paid.
If life is a lottery, Camelot will be
hoping that it fares better in 2017. That
said, it is but one of many organisations
that have suffered significant breaches
of late - and anyone predicting that
this year will see several others fall into
the same trap definitely won't need a
winning ticket to prove it.
‘Barry Scott, Centrify: passwords must
not be reused across websites.
James Lyne, Sophos: a breach could
provide access to your entire online life.
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2017 computing security
25