The Online Security Game: How to be on the front foot against the opposition


Australians love their footy — whether it’s AFL, Rugby Union or league or soccer — and everyone who’s into footy knows that on the field, the best defence is complemented by a strong attack. Believe it or not, this tried and tested sporting strategy also applies to safeguarding Australian organisations from increasingly serious online security threats.

Given the increasing scale of data compromises and the speed of execution by the fraudsters, Australian organisations can no longer rely on a passive, defensive online security strategy to get them over the ‘advantage line’.

Overcoming weak defences

In the past, passwords were enough to defend our online world; however, this is quickly changing. With the sheer number of online accounts that each individual has between personal and work use, many people re-use the same password for several accounts. Because of this, organisations are realising that they need to offer a better line of defence for customers and employees to protect their online accounts. Strong password policies are now employed by many organisations. Despite best efforts, the problem is that passwords can still be stolen through a data breach or even a simple phishing attack, no matter how strong or safely stored they are.

Ultimately, passwords are the problem. For added account protection, many organisations introduced two-factor authentication (2FA) as an extra layer of security. Most online services that handle sensitive information such as Medicare, Centrelink, MyGov, ATO, banking and credit card companies, and email providers, now offer 2FA. Most commonly, this is done by sending a one-time code via SMS to the user’s mobile phone. 


The problem is that cybercriminals are playing dirty and have even developed mechanisms to bypass certain 2FA methods, such as SMS codes or mobile authenticator apps, by using decoys. For example, SMS codes can be compromised by SIM swapping, a simple trick to steal people’s mobile phone numbers and move them to a different SIM card. An attacker who has already obtained user credentials through phishing or a leaked database will then also be able to obtain the victim’s one-time codes and, therefore, access their online accounts.

Changing the game strategy

Just like footy, where successful teams have won trophies by changing their game strategy to get over the advantage line, the good news is that many online services are doing the same by providing stronger defensive strategies. They’ve expanded their 2FA offerings to include hardware authenticators — more commonly called security keys — for stronger security and improved user experience. Because a security key requires physical access to a device to successfully log in to online accounts, it provides a stronger defence against targeted attacks like phishing or man-in-the-middle.

A recent study by Google reviewed more than 350,000 wide-scale and targeted attacks and showed that security keys were the most effective at stopping account takeovers. 

Passwordless logins are also beginning to grow in demand and popularity with the World Wide Web Consortium’s (W3C) recent standardisation of WebAuthn, the new global standard for web authentication. This sets a new bar for user authentication and is considered best in class for protecting user accounts, much like the defenders in the best footy teams. With support in all major browsers and platforms, and a growing list of compatible services, WebAuthn allows organisations to adopt and enforce a passwordless login experience through a wide range of strong authentication methods including security keys or built-in authenticators such as biometric readers. 

Ahead of the game

Staying on the front foot with online security allows organisations to regain control over their critical information and assets. Rather than continually revising their defensive strategy, organisations are now able to go on the attack, by providing their employees with a physical security key equipped to bridge the gap between today’s authentication scenarios and the future of passwordless logins. This security key now becomes the strongest weapon in their arsenal against any attackers to help them stay ahead of the game.
