A Path to a Secure Cyber Future

A recent report stated there were over 4 billion breached records in 2016. This is a number that the human mind has a hard time conceptualizing, so here is how it translates: on average, there were 127 breached records per second in 2016.

I accept that everything I write can be wrong. I am willing to learn, evolve and adjust as I learn new information; are other cyber experts? Can admission of mistakes not come with retribution? The cyber crisis is far more than a technical problem. We are at a crossroads where personal responsibility and self-respect are going to have to rule our actions. Hindsight is 20/20 and reevaluating past actions must become a regular practice. This process should foster growth, not blame! Valid decisions, at the time, may no longer be valid. Learn, adjust and take action.

Browsers are needed for exactly what the name says: browsing. The important thing to understand is that there is nothing about secure access that should be browsed! Words have meaning and the name for Browsers was chosen correctly and identifies their purpose. The Browser’s usage has been applied incorrectly because individuals choose to ignore the meaning of the term browse!

Cyber security has been built on the assumption that Browser-based access is required: a “given” fact. This underlying assumption is the heart of cyber failures. Browser-based access means an uncontrolled cyber attack surface. After the AOL breach in 2005, the tech industry focused on how to prevent the same attack method from being successful next time. This has been the response to every subsequent breach: patch, patch, patch. Where has analysis been?

As a result of the browser-based access assumption, the tech industry has focused security on servers and end users. This model had no holistic vision, resulting in a failure to secure data. A major component of the model has been ignored: the portal.

Moving secure data to the Internet was a logical progression. Cramming it into a public access model, however, was a choice. Leaving a secure access portal permanently open in a public environment is also a choice.

I understand that there are numerous connections related to complex networks. Once public access is removed, each of these connections can be evaluated, monitored, and/or eliminated. Once only known users can access an environment’s portal, the value of these connections will be clearer.

Applying the concept of physical-presence-identification on the Internet changes everything, but this level of security is not for everything. A serialized token that creates a portal and automates connection to a secure environment offers amazing opportunities.

  • Law Firms can remove public portals to their files. A serialized token permits identity assurance for role-based access and subsequent forensics, if necessary. But more importantly the Firm can reject every connection that is not their Firm’s token. Tokens can be distributed to clients and secure communication can be conducted token-to-token within the Firm’s secure environment. There would be no public access to privileged attorney/client communications. Privacy: what a concept!
  • Banks can remove the portal to online services from their websites and still provide secure online services to their customers. Their website continues to market and solicit customers. However, customers use their uniquely serialized tokens to access online banking; only known users gain access to the portal! A serialized token connected to the bank provides interesting possibilities for online credit card authorizations: no token, no approval. The bank can check for the token before approving a charge. Why steal credit card data if the related serialized token is needed for online charges?
  • Medical Records and medical histories can be delivered to a token-based insurance card. Connect the token, and the insurance organization queries its billing database and constructs a basic history of past treatments. (White paper on website) Think about the capture of fraudulent charges, the ability to prove physical presence at a facility for billing verification and more.

The fact is that better cyber security is beneficial for every party involved. I cannot think of a single benefit from continuing a failed access model. Can you?

A physical-presence cyber security model provides a clear, measurable increase in any organization’s cyber security stance. Ask every vendor what percentage of improvement their product provides over currently deployed products. If there is no math, there is no improvement.

Active Access Control (Physical-Presence-on-the-Internet) provides more than a 99% improvement in almost every organization’s cyber stance upon deployment and the math has been published. The time for action is now.

Assuming you generously gave me 5 minutes of your time to read this article, thank you … and more than 38,000 records were compromised while you read it!

When failure is no longer acceptable, Active Access Control technology is ready to serve!

Cyber Safety Harbor, Your port in the cyber storm.
