From the Influencers
This Month’s Key Quotes from Leaders in Cybersecurity
“Even as we are getting desensitised to almost daily breach announcements, the amount and especially the quality of compromised data in this case is staggering. From the three-factor authentication – something you know, have or are – it takes out two, knowledge and biometrics. That this kind of super-sensitive information was stored in plain text might have been embarrassing in 2005; in 2019, it's criminal negligence.”
Igor Baikalov, chief scientist at Securonix, comments on the news that the fingerprints of over a million people, as well as facial recognition data and unencrypted usernames and passwords, were discovered on a publicly accessible database for Biostar 2, which is used by a host of organisations, including the UK Metropolitan Police
“It’s important to note that financial institutions like The European Central Bank, relatively speaking, typically have a more robust cybersecurity posture than peers in other verticals. However, this does not make them immune to cyberattacks. There is still considerable opportunity for financial institutions to improve cybersecurity postures and go on the offensive with threat hunting teams.”
Rick McElroy, head of security strategy at Carbon Black, comments on the malware attack on the European Central Bank’s Banks’ Integrated Reporting Dictionary, which has been taken offline until further notice
“Password-based security is entirely insufficient at protecting large numbers of users from determined attackers. A long history of major breaches has thoroughly demonstrated that people generally stink at selecting passwords and tend to use the same (or similar) passwords across many sites. Systems which authenticate users based solely on a password are simply not secure.”
Kowsik Guruswamy, chief technology officer at Menlo Security, gives his view on Uber’s admission that it paid hackers to delete a cache of stolen driver data
“It’s pleasing to see concrete, immediate steps being taken by Government to increase the cyber skills of both the current and next generation. Many of the organisations granted funding in the previous round were devoted to addressing diversity issues within the industry, so hopefully this continues. Companies themselves also need to build diversity into every single process, programme and initiative to counteract unconscious bias. Building diverse teams should be a no-brainer for businesses, as doing so has clear benefits - from boosting creativity to achieving greater financial success.”
Adam Philpott, President, EMEA, at McAfee, comments on the UK Government’s launch of the latest round of its Cyber Skills Immediate Impact Fund, which is designed to boost the diversity and strength of the UK’s cybersecurity sector
“Many are highlighting the significance of a single engineer causing damage in the case of the Capital One breach. The reality of any situation such as this is that it really only does take one person to infiltrate and compromise security at a business – and usually by accessing administrative or privileged systems. Lessons to learn from this are that to mitigate risk, access to a business's most sensitive data and systems - including servers - needs to be painstakingly protected, controlled and monitored.”
Andrew Clarke, director, Strategic Alliances & Channel Partnerships, EMEA at One Identity, comments on the news that a single person, former AWS employee Paige Thompson, was responsible for the high-profile Capital One data breach