Long gone are the days of simply encrypting connections and using scanners to patrol the cyber-hallways of one’s database; black-hat manipulators of code have examined the methods of defense that are common to enterprises everywhere and evolved their own countermeasures to circumvent them.
The IT personalities whom are never directly reached by the public are tearing their hair out by the roots over the latest problems that Spectre and Meltdown have brought alongside the creative new ways that phones, tablets and PCs are being cracked.
Although one wouldn’t think that common user malware would be a relevant point of discussion here, it’s truthfully a prolific point of access into larger systems that are rife with sensitive and profitable personal data. Many citizens are employed as contractors for third-party companies that serve a client company toward the completion of field tasks that pertain to filling incremental metrics, meeting quality assurance goals and back-checking operatives’ handiwork. This occurs in all industries as a form of merchandising or specialist company that employs its own vendors and equips them with a set of skills, tools and knowledge to handle what the core manufacturer isn’t able to deal with due to location or revenue constraints.
As such, the increasingly complex state of the business world has many manufacturers pulling multiple third-party branches into the mix, each with their own specific contribution toward the corporate metrics that keep food on everyone’s tables and deliver a quality product to the common client. The downside of this, of course, is what happens to the manufacturer’s security when they open their doors to so many companies at once. In fact, many such companies have multiple portal interfaces, access sites and redirect routes to allow for even a single vendor company to provide various means of reporting and interaction for the manufacturer.
Then, one has to account for each of these third-party companies employing a workforce in the hundreds or thousands, each individual member with their own personal devices at work to capture and relay data from the field to an office somewhere. The factors are manifold, to say the least, and it breaks down to a security-puncturing scheme that goes a little like this:
- Each operative has a specific hardware configuration.
- Each hardware configuration has a specific operating system.
- Each operating system has a specific version.
- Each version supports a spectrum of potentially installed applications.
- Many such applications are developed by different people.
- Different developers accidentally incorporate different security flaws in their apps.
- Different flaws allow different forms of malware to hijack the operative’s device, monitoring and manipulating data.
This means that out of potentially thousands of operatives serving a single company, it only takes a single line of code to result in the kind of large-scale breaches that occur frequently today with companies such as Best Buy, Target, Walmart, Amazon and more.
The way around this is by utilizing a new type of security service called OneLogin: single sign on (SSO) convenience to wire-tie the many third parties into a single entryway while backing this up with multifactor authentication (MFA) to double- and triple-layer the login credentials. OneLogin serves as a mediator, completely shielding sensitive databases and forcing all data to travel through a unified, tightly secured checkpoint that’s as safe as it is quick. This is a solution that protects clients of the manufacturer as well as field operatives and the vendor companies they’re hosted by.
Watch this space for regular updates in the Technology category on RWR.
Running Wolf’s Rant’s correspondent who chooses to remain anonymous…