In recent years, it has become clear that the automotive supply chain is at huge risk of cyber attack. The Arnold Clark attack, in particular, serves as a reminder that UK businesses holding extensive customer databases will increasingly be targeted by ransomware gangs, and that organisations must take steps to protect their digital data.
One of the biggest vulnerabilities for cyber breaches are weak, guessable and reused passwords. For that reason, it is now widely considered essential to use multi-factor authentication to secure accounts accessible over the internet.
The Future is Password Free
Good news for cyber security – authentication methods that do not require a password at all are becoming increasingly commonplace and could soon be the norm.
True passwordless authentication eliminates the need for passwords altogether, providing alternative forms of authentication to allow secure access. This technology will always use more than one factor of authentication, and although there is no password, the other two or more factors can involve a digital certificate (which is like a digital ID card) working behind the scenes, encryption methods, or additional biometric checks combined with codes from authentication apps.
There are many methods and variations of passwordless technology that can be used instead of a password (or in addition to a password). Multiple types of technology are often integrated to create an authentication process, using numerous methods in combination.
The Five Controls of Cyber Essentials
The Cyber Essentials scheme was introduced by the UK Government in 2014 as way for organisations of all sizes to tackle their cyber security. The annually renewable certification consists of five technical controls that will help prevent most common internet-based cyber security threats.
The Cyber Essentials certification badge signals to customers, investors and those in the supply chain that an organisation has put the government-approved, minimum level of cyber security in place and can be trusted with their data and business.
If you are looking to take control of your cyber security, Cyber Essentials is widely considered the perfect starting point.
Continuous Improvement
Technology is advancing at an increasing pace and the Cyber Essentials requirements must continue to adapt and change to stay relevant and valid. A team of experts review and update the Cyber Essentials scheme at regular intervals.
Next year, the Cyber Essentials requirements will reflect the changes to login methods that are rapidly taking over in technology. This will include the option to use systems that use passwordless technology.
There are numerous methods of verifying identity without using traditional passwords. Here are some common examples; sometimes these are used in combination:
Biometric Authentication: Uses biological traits of the person logging in, such as fingerprints or facial features, to confirm their identity.
Security Keys or Tokens: Involves physical hardware devices like USB security keys or smart cards.
One-Time Codes: Temporary codes sent via email, SMS, or a mobile app.
Push Notifications: Prompts on a smartphone to approve or deny a login attempt.
An app on a trusted device: This could be an authenticator app provided by Microsoft or Google.
Use of a ‘trusted’ or ‘known’ device: As you login, the server you are connecting to will use a range of different methods to uniquely identify your device. This will enable it to recognise it as a trusted device on future logins.
QR codes: These can be scanned by a camera on a connected device. The user will then simply follow the instructions on the screen to finish signing in.
Adapting to the Future
As we look to the future, the shift towards passwordless authentication represents a significant step forward in cyber security. By eliminating the vulnerabilities associated with traditional passwords, organisations can enhance their security and reduce the risk of cyber incidents. The Cyber Essentials scheme, with its continuous adaptation and improvement, remains a cornerstone of the UK’s cyber resilience strategy, proving that even the most basic controls can have a powerful impact when they evolve with the times.
Use the free Cyber Essentials Readiness tool to help you understand whether the cyber security in your organisation meets the requirements for Cyber Essentials.
Go to the Cyber Essentials Knowledge Hub to find free up-to-date cyber security guidance.
Apply for Cyber Essentials here.
Source: Tyretradenews