Followers of prominent Twitter users such as Bill Gates, Barack Obama and Elon Musk may have been surprised by charitable offers of double returns if they deposited any number of bitcoins to accounts nominated by these global influencers. Some were tempted by the apparent generosity of the wealthy during Covid-19 and held up their end of the bargain by sending bitcoins to the named account. It was, of course, a cruel scam designed to take advantage of people at their most vulnerable, enabled by a Twitter hack that caused the biggest security breach in the company's 14-year history. Whilst the scammers use the anonymity afforded to them by the distributed ledger system of Blockchain, the only protection that users of Twitter, LinkedIn and any number of financially sensitive networks, systems and platforms have is a combination of letters, numbers and special characters that they type to gain access.
The Good Old Days
Those among us who are old enough to remember dial-up internet may recall that, once upon a time, we had one or at most two passwords to remember. We only had to access a handful of platforms, and passwords were an inconvenient delay to access that we could reuse across those systems. The advent of malicious access led to recommendations for more complex passwords, unique to the platform being accessed, and as the internet became a more important part of our daily lives we were told to use a different password for every system, making it almost impossible to keep up. How many of us regularly sit frustrated at being unable to remember the specific password for a particular system, and end up resetting it every time we log in? I bet you are thinking, "so I am not the only one," right now.
The Current Landscape
Some banks have dealt with the password problem using hardware that sends access codes to allocated devices in order to allow access, whilst mobile phone manufacturers have joined in by utilising handset features such as fingerprint sensors or facial recognition, or the ancient 2G-era timed text message code, as "two-step verification". Furthermore, the major mobile operating systems and VPN providers give users the option to store passwords, a feature integrated with the aforementioned two-step verification. However, all of these circle back to the same thing that is clearly broken: passwords.
The Enterprise-Grade Response
At an enterprise level, Privileged Access Management is available, a sector led by CyberArk, alongside the use of Artificial Intelligence and Unsupervised Machine Learning by companies like Darktrace. These are augmented by secure Robotic Process Automation such as Blue Prism; my organisation, Venturiq, works closely with Blue Prism and with Privileged Access Management vendors to build Digital Workers that carry out Penetration Testing to gauge the vulnerability of corporate systems.
However, the fact remains that blue-ticked and consumer-grade users of Twitter alike did not become vulnerable because Kanye West had an obvious password; it was because the internal systems used by Twitter employees with the right to access and amend users' accounts were compromised.
So, What Next?
Undeniably, innovation in the field of Cyber Security has been largely reactive; it is those with malicious intent who have been sophisticated. On a practical level, the increase in the number of systems that individuals use means that we simply cannot remember all of our passwords. On a technical level, innovation across a wide array of hardware and software systems has been exponential: a mother who first accessed the internet on a computer sitting at a desk will likely have a daughter who first accessed it on a laptop, and a granddaughter whose first interaction with internet technology was on a mobile phone or tablet. What has not changed is the primary way they all access those systems: the dreaded password.
Disrupting how we access systems is not just the need of the hour; it has the potential to be a multi-billion-dollar opportunity. Who will take up the mantle, and how will the archaic password be replaced?