The threat landscape at federal agencies is becoming more and more complex with the addition of new technologies. Tim Keanini, chief research officer at nCircle, provides his cybersecurity predictions for the coming year.
Tim Keanini’s Top 3 for 2013
As cloud services are more widely adopted by the federal government, agencies will be subject to a variety of social engineering hacks directed at the password recovery process. Hackers will pose as agency employees or citizens, call the agency and complain loudly that they need urgent access to data. The government’s bias toward citizen service and “Open Government” means that many of these hacks will ultimately be successful. Obviously, this is bad news for cloud users everywhere.
The way users browse the web today creates the perfect environment for cross-site request forgery (CSRF). It’s easy to open a tab for Facebook, a tab for online banking, a tab for an e-commerce shopping site and another tab for a federal agency site. CSRF attacks exploit the trust a website has in the user’s browser to send unauthorized commands to another site. No browser is safe and there is no easy fix for these attacks. Get ready for an exponential increase of these attacks on federal agencies in 2013. Government websites that host a variety of confidential information will be squarely in the cross hairs.
New, multi-factor authentication services based on data from smartphones will emerge as a security solution for a variety of federal applications in 2013. These new services will pair something you know (your password) with location data, biometric data, or device data to make it much more difficult for attackers to break into federal networks and online accounts. Mobile phones are ubiquitous, always on, always available and easy to use – they are the perfect solution to the failure of password security. As the federal government continues to loosen its BYOD restrictions in 2013, we will see an increase of multi-factor authentication services implemented in agency security programs.
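For the cross-site request forgery prediction above, the following added example (not from the article or from nCircle) sketches a server-side check that refuses a state-changing request which arrives with a valid session cookie but without a session-bound token or a matching Origin. The origin `https://agency.example`, the `csrf_token` field name and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions for this sketch: a per-deployment secret and the site's own origin.
SERVER_KEY = secrets.token_bytes(32)
TRUSTED_ORIGIN = "https://agency.example"  # placeholder origin


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; embedded only in forms the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Compare Origin (or Referer as a fallback) with the site's own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sent neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def allow_state_change(session_id: str, method: str, headers: dict, form: dict) -> bool:
    """Decide whether a request carrying a valid session cookie may change state."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods; the application must not change state on them
    if not same_origin(headers):
        return False
    supplied = form.get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    return hmac.compare_digest(supplied, expected)  # constant-time comparison


# Constructed sample requests; both arrive with the same valid session cookie.
SESSION = "constructed-session-id"
LEGIT = ("POST", {"Origin": TRUSTED_ORIGIN}, {"csrf_token": issue_csrf_token(SESSION)})
# A page in another tab cannot read the token, so its forged form lacks it.
CROSS_SITE = ("POST", {"Origin": "https://other-tab.example"}, {"action": "update"})

if __name__ == "__main__":
    for name, request in (("legit", LEGIT), ("cross_site", CROSS_SITE)):
        verdict = "accepted" if allow_state_change(SESSION, *request) else "rejected"
        print(name, verdict)
```

The session cookie alone never authorizes a change here: the request must also prove it came from a page the site served to that session.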