Cyber Resilience Towards the Quantification of Cyber Security Threats

The World Economic Forum and its partners have developed and shared a way for organizations to calculate the impact of cyber security threats. The framework, called cyber value-at-risk, comes at a time when cyberattacks are increasing in velocity and intensity, and when 90% of companies worldwide recognize they are insufficiently prepared to protect themselves against them.

Cyber Resilience workshop at the World Economic Forum meeting in Tianjin, China. September 2014.

Download the full report here: Partnering for Cyber Resilience Towards the Quantification of Cyber Threats

I feel honored to have been one of the participants in the development of this. The project is led by Elena Kvochko and team of the World Economic Forum in collaboration with Deloitte and other Forum partners.

The World Economic Forum announced this today at the annual meeting in Davos.

(Source: WEF Press Release: New Framework to Help Companies Calculate Risk of Cyberattacks)

9 Reasons Why News Media Web Sites Should Consider Moving to HTTPS in 2015

If you work in news media and are interested in technology, you may enjoy my article listing 9 Reasons Why News Media Web Sites Should Consider Moving to HTTPS in 2015. I co-authored it with Eitan Konigsburg and Elena Kvochko, two colleagues with expertise, deep knowledge and passion for cyber security, privacy and technology.

It is published on the Times Open Blog maintained by the Software Engineering Team at The New York Times.

My personal Web site, rajiv.com is served exclusively on HTTPS thanks to CloudFlare.

Why I’m not a fan of fingerprint scanners for computer security

These days many notebook computers and portable devices like USB drives are featuring fingerprint scanners which they advertise as biometric security.

I’ve never been a fan of biometric security of this type. I will explain why using different scenarios:

Likely scenario: Stolen or lost laptop

If your laptop is lost or stolen, it is bound to have nice samples of all your fingerprints all over its nice smooth body. Picking up samples of your fingerprints from your laptop surface is much easier than cracking your password. A few internet searches or a visit to a detective/spy shop will provide the person in possession of your notebook computer or other lost gadget all they need to make copies of your fingerprints and create a mold that they can use to authenticate as you.

If your laptop had been secured with a password and encryption, they’d likely reformat your hard drive and your losses would be limited to your hardware. If a fingerprint scan was all that was required to gain access to your account, then your data, your privacy, not to mention your peace of mind for years to come will likely be stolen too.

Another scenario: Forced access to your computer

Let us consider another likely scenario without going into the cinema-like gruesome situation of a villain cutting off your thumb to forcibly access your computer. Say you are sleeping in a shared college dorm. Your roommate or a friend can bring your laptop near you and easily swipe your finger on it to gain access to all your files. You don’t even have to be unconscious. A person or gang stronger than you can easily overpower you without hurting you physically and swipe your finger on your computer to gain access.

Security Related Cartoon from XKCD

You see? Fingerprint-scanning biometric security of this type, used alone as a replacement for passwords (instead of in combination with them), is a lot less secure than one would think. Such advertising of biometric security might seem impressive, but it leads to a false sense of security. In this day of digital privacy and identity theft, relying on such an insecure authentication alone is not a good idea.

As an aside, here is an interesting article on how fingerprint scanners work at HowStuffWorks.com.