Instant access to information is pretty much an expectation, whether that means checking an account balance or accessing services from a government agency. The common perception is that openness may have a high cost in terms of enabling cyber attackers to gain access to critical data. However, does accessibility mean more risk?
On the Government Technology Insider podcast, we spoke with Malcolm Harkins, Chief Security and Trust Officer at Cylance to find out just how big an issue this is, and whether enough is being done to mitigate the risks.
While a closed environment may provide protection from external threats, Harkins explained, it also creates a different kind of risk, the risk of lost opportunities. A system that allows for more access also supports agility and flexibility. And while that may add some risk, he added, they can be managed with the right controls.
Securing data comes down to making sure only the right people have access to the system. This means coming up with ways to ensure each user’s identity. Biometrics, two factor authentication, tokens…these are all systems that can be fairly effective, but may also be spoofed. Harkins brought up an idea he’s been floating for years: using a granular view of a user’s digital footprint to identify them and the technologies they use to ultimately provide both convenience and trust. This multifactor authentication will, naturally, require some innovative approaches to make it happen, but it is achievable.
While citizens are more frequently interacting with the government online in some capacity, Harkins’ concerns go beyond just government websites. He pointed out that sites can potentially not only be hacked to gain access to their back-end data, they can also be used to attack visitors to the site, by tricking them into downloading malicious code. What’s essential is to validate the site’s code, whether or not there is a mandate to do so.
The risk is in eroding confidence in the systems, and by extension, in the organizations that own them. Harkins said that, rather than simply accepting the idea that “compromise is inevitable,” and even though risk can’t be eliminated, there’s always more that can be done, and done better.
Ultimately, Harkins said, risk is inevitable. What matters is how well you understand it and shape its trajectory, so you can take advantage of the opportunities it presents.
Listen to the podcast here: