Advice

What are the Collections Breaches?

In January, security researcher Troy Hunt announced the addition of the ‘Collection #1’ set of compromised login credentials to his Have I Been Pwned (HIBP) service. HIBP allows users to search for their own email addresses and passwords in order to identify whether they have appeared in any major data breaches. This was followed shortly afterwards by coverage of ‘Collections #2–5’. Here we’ll explain why these collections are a big deal, and the steps you can take to protect yourself.

Authenticate Smarter, Not Harder: Part 4

In the first part of this series, we decried the overreliance on passwords for authentication. In the second, we discussed the full range of means at one’s disposal. In the third, we described the advantages of using multiple means in conjunction with one another. In this fourth and final part, we detail how, when no other option is presented, one can use single-factor, password-based authentication (PBA) as securely as possible.

Authenticate Smarter, Not Harder: Part 3

In the first part of this series, we held an intervention over the widespread use of passwords, complete with the ever-widening list of arduous hoops to jump through that are imposed on users in the name of security. In the second, we revealed just how expansive the field of authentication methods really is, but with the caveat that no single method is without its flaws. In this third part, the gold standard of authentication—multi-factor authentication (MFA)—is presented.

Authenticate Smarter, Not Harder: Part 2

In the previous part of this series, we discussed the many shortcomings of passwords as a means of authentication—the process of verifying that a given person is someone you want to be able to do something, such as use a piece of software, log in to an online account or access an area of a building. In this part, a range of authentication alternatives to passwords will be presented, along with their pros and cons.

Authenticate Smarter, Not Harder: Part 1

Passwords are ubiquitous and have been for decades, despite repeated predictions over the years of their impending death. They have remained popular for a range of reasons, primarily their simplicity and familiarity, backed up by how widespread technological support for them has traditionally been. As a result, the status quo is often not challenged, despite expert consensus that passwords are—well—a bit naff.

Supply Chain Security: Part 3

In the first part of this series, we covered the threat posed to your business by attacks on your supply chain. In the second, we detailed a number of ways of properly vetting potential suppliers, both obvious and non-obvious. In this third and final part of this series, we will detail a range of tactics you can use to protect yourself in the event of an upstream company being compromised.

Supply Chain Security: Part 2

In the first part of this series, we explained how you are ‘only as secure as the company you keep’ and detailed the threat posed by supply chain attacks such as the 2017 NotPetya attack and contemporary activities of Magecart cybercriminal groups. However, for most people, using a supply chain is not optional. Here, we will go through ways of vetting your supply chain.

Supply Chain Security: Part 1

You are only as secure as the company you keep, and in the modern technological ecosystem the company a company keeps is increasingly becoming a crowd. Particularly in the retail industry, but by no means exclusively there, companies ‘rely on armies of third-party services to boost engagement and optimize the customer experience on their websites’.

Who Are Magecart?

You may have heard talk about a shadowy entity called ‘Magecart’. You may know that whatever or whoever this ‘Magecart’ is, it’s not good, but you may have other questions: who or what are they, what do they do, and how can you defend against them? This article shall attempt to answer those questions.

Automated Security Tools Are No Substitute for Educated Employees

As in every industry—particularly technology-centric ones—the history of the cyber security industry has been one of task automation. From the early days (some may say Gen I days) of firewalls and pattern-matching antiviruses to modern techniques of machine learning-based malware detection and traffic analysis, the tools available to a security-minded business are constantly growing in complexity, in an arms race with cybercriminals whose malware has been doing the same.

Privacy By Design is Here to Stay

One of the most seismic events in information security last year was undoubtedly the entry into force of the EU’s General Data Protection Regulation (GDPR), perhaps the most radical shift in data protection thinking since people started to require secret passwords to access a person’s account. The GDPR hysteria has settled down somewhat since May, but it has become clear that the Regulation represents a wider shift in approach to data protection and consumer privacy, and things will not end here.

SMEs and Cyber Security: A case study

With data breaches of major tech firms—your Googles and your Facebooks, for example—eating up all of the news coverage throughout the year, it’s easy for owners and employees of small to medium-sized enterprises (SMEs) to grow complacent. ‘They wouldn’t bother to attack little old me’, you might be thinking, but security through obscurity is no security at all.
