Greatest cyber vulnerabilities are people, says cybersecurity expert
the fact that major defense companies like Lockheed Martin may have been hit by cyberattacks as a result. Following these attacks, what effect has the RSA incident had on the cybersecurity industry?
CJ: Within the security industry, I believe the effect is limited as people are very familiar with the landscape and what can be done. However, among the public, there has been a significant impact since the attacks have brought to light that even large security companies that have a lot of money, a lot of talented people and some solid technologies can be targeted and are not protected against sophisticated attacks. Among large companies and governments, it has changed the mentality about proactive security in the sense that these organizations now look at start-up or early-stage companies for innovative technologies as opposed to only relying on three or four major security companies.
The problem with the breach in RSA SecurID is the fact that, for the most part, all the large companies and governments used the technology and so when RSA SecurID has been compromised, all of them have subsequently been compromised.
HSNW: Did the RSA cyberattack reveal a critical vulnerability in two-factor authentication?
CJ: Not a critical vulnerability, but more limitations. Two-factor authentication is secure if used properly. In the case of RSA SecurID, the technology was secure – so secure that attackers had to attack RSA to have access to the seed in order to break and compromise the tokens.
The limitation of one-time SecurID like the one from RSA is the fact that the whole security is based on a secret seed. If this seed is compromised, then the token can be duplicated and hence compromised.
HSNW: Your company’s website boasts that your product QI “provides the ultimate level of file and document protection.” What makes your cybersecurity solution “bulletproof” as you say on your website?
CJ: From a security perspective, our security is based on the fact that to compromise our system you need to have access to the QI, the password that goes with QI, and the file. Since these three pieces can be located in three different places, it makes the overall design more secure and resistant to many attacks.
For example, if someone key logs your computer or finds your password, they do not have the QI. If they have access to the QI, then they still don’t have the password (if you enter a wrong password 10 times, the device disables itself automatically). If someone finds the QI and has access to the correct password, they still don’t have the file. If they have the file, the document is encrypted and can only be decrypted with both the QI and the password.
What makes QI even more robust is that it has taken the end user (hence ‘people vulnerabilities’) into consideration and provides a unique technology that is easy to use and can be deployed across a company with no tech support