Big security vendors have been pushing the same technology for over 25 years. Yet every day these technologies are proven to be ineffective and easily breached. If you’re in charge of security at your company and you’re using anti-virus and tokens and you think you’re safe, this is your wake-up call.
Week after week of reported security breaches should be forcing businesses to re-evaluate the methods they use to prevent these now routine occurrences. Most recently, a team of scientists produced a report explaining how they extracted a key from an RSA token in just 13 minutes, exacting the passcode simply by prying open what looks like a USB thumb drive. This is what the world’s largest tech security vendor has in its arsenal? They sell tokens because it makes them a lot of money and they don’t have anything better to protect you with. Tokens are older technology that unfortunately can be compromised by a MITM (man-in-the-middle attack). Disclaimer: My company, StrikeForce Technologies, also supports hard and soft tokens (yes, some people still want them); however, we stand strong on endorsing out-of-band authentication (the strongest of authentication methods), which cannot be defeated by a MITM attacks.
Just a few days ago, another troubling report was published by the University of Alabama-Birmingham that showed the leading anti-virus vendors were only able to prevent 25 percent of the password stealing and remote control Trojan malware in their sample. How on earth has this become acceptable?
The malware that has become particularly troublesome are the keyloggers. Keyloggers that track each keystroke made on your keyboard have become, we believe, the favorite tool used by hackers. According to the recent 2012 Verizon Data Breach Report, keyloggers were identified as the No. 1 threat. Anti-Virus vendors all claim to prevent keyloggers. What they don’t tell you is that they only prevent “known” and catalogued keyloggers, not the hundreds of thousands that have yet to be detected or thousands that are created every day.
Anti-Virus and tokens are ineffective at preventing breaches.
Last week’s reports should trigger every business owner and IT security executive to immediately re-evaluate their security practices. Hackers are sending everyone a message, which should come through load and clear. Anti-Virus and tokens are ineffective at preventing breaches. It is critical for businesses and consumers to utilize an anti-keylogging technology. Look for keystroke encryption that will protect anything you type on your PC.
This is of no real fault of the anti-virus vendors. Their job is nearly impossible. They have become much like the police. You can arrest the perpetrators when they commit a crime, but that doesn’t stop the crimes from continuing to occur. They simply come from different sources and get more sophisticated at hiding. Anti-Virus vendors, quite frankly, do a remarkable job at catching and patching as much as they do. But like Lucille Ball at the chocolate factory, although it starts out pretty easy, eventually becomes impossible to keep up. Now, it seems like these vendors are getting caught with chocolate up their sleeves.