
Security

Importance of Security Culture in Zero Trust Security Models

Published

on

, SiliconNigeria

By Anna Collard

During a preview of this year’s RSA conference, a team from Orange Cyberdefense demonstrated a range of pretty scary scenarios of what can happen when malicious actors take control of a user’s home router. These range from duping users into downloading payloads dressed up as fake VPN software updates to capturing users’ credentials or redirecting traffic that should be going over the VPN to the threat actor.

Typically, home routers are outside the enterprise’s security control and often not very well protected. The majority of people trust their ISP to set up their home access points for them, frequently resulting in default settings such as admin/admin credentials. Home routers are frequently attacked by criminal and state actors alike.

Despite the easing of lockdown restrictions, many people are still working from home and will do so for the foreseeable future – connecting to the internet and their corporate networks via their private home routers and Wi-Fi access points.

The increasing complexity of delivering services to this highly distributed user base, many of whom connect via untrusted devices, coupled with an evolving threat landscape, is highlighting the importance of Zero Trust security.

Zero Trust is a security model based on a set of design principles that assumes that a breach is inevitable or has likely already occurred. Zero Trust architectures limit access to only what is needed, repeatedly check whether users, devices, services or network components should be trusted and monitor for malicious or abnormal activity.

It is more than just a technology architecture though; it is a long-term philosophy and requires a mindset change amongst everyone involved. To succeed, it is essential to create a security culture that embraces Zero Trust. This means broadening the conversation and explaining Zero Trust principles to business leaders, IT administrators and general users. Trust is an important component of doing business, so the context of Zero Trust has to be explained in a positive way. It is not about not trusting individuals, but rather about reducing the likelihood and limiting the impact of a breach, as well as damage control if or when devices, networks or identities are compromised.

To effectively mature your security culture, you have to positively influence it. People generally want to do the right thing, but instilling fear and uncertainty does not empower them. You have to inspire trust in order to succeed with Zero Trust. This means creating a security culture program that not only raises awareness of the importance of security and Zero Trust concepts, but also enables people to take responsibility for their participation in the security program. For example, educate your employees on how to spot, report and get help when they see suspicious activity, on being extra vigilant about social engineering attacks while working from home, and on the necessity of reducing their privileges as part of the Zero Trust rollout.

Anna Collard is the SVP Content Strategy & Evangelist at KnowBe4 Africa.


Digital Economy

Championing An Inclusive Digital Identity Approach In Africa – At Scale


As digitisation accelerates across Africa, the demand for liveness detection and online identity authentication services has become critical. The act of identifying ourselves is under rapid transformation, especially when it comes to using biometrics to access financial and governmental services. If executed correctly, this offers an opportunity for greater inclusivity than ever before.

Gur Geva, Founder and CEO of iiDENTIFii, says, “Face biometrics offers a ground-breaking solution to identity verification (IDV) on the continent in that it is secure and simple to use. Yet this solution will only truly work if the algorithm that underpins face biometrics is trained on the full scope of African faces and can be executed at scale.”

Historically, proof of identity was only available to those who could fulfil a rigid set of criteria. One of the main barriers to a person opening a bank account, for example, would be the inability for them to prove their identity without any formal identity document or proof of formal address. According to the World Bank, 57% of Africans still do not have any kind of bank account, including mobile money accounts. This translates to about 360 million adults in the region and approximately 17% of the total global unbanked population without access to formal financial services, a recent study by BPC and Fincog found.

Sustainable Development Goal 16:9 aims “to provide legal identity for all, including birth registration by the year 2030”. Digital identity plays an active role in meeting several other SDGs, including universal health and education access and financial inclusion.

Remote face authentication is a crucial step in bridging the digital divide in Africa.

Geva explains, “The digitally excluded are missing out on access to social and financial inclusion. Those who do not have access to newer technologies are disadvantaged in healthcare, education and financial support. The mere ability to confirm one’s identity digitally is a key that opens the doors to essential financial and civic services without the risk of impersonation or fraud.”

Diversity in face recognition is the key factor for success in Africa. Yet historically, a large-scale database of African faces has been lacking. Thanks to new developments in technology, this barrier is no longer in place. Geva adds, “Respecting diversity in biometric authentication is a core consideration in our business. For this reason, we have trained our algorithm on over 50 million African faces. This translates into identity for all, but specifically identity for all Africans.”

Through a triangulated authentication process, iiDENTIFii’s technology establishes that the person on the other end of the screen is real, live and transacting at that moment. This multi-faceted facial scan is further verified with key data from the person’s ID document and information from the relevant government databases. “Identity fraud has historically been difficult to detect. Our technology can authenticate and automatically onboard a person in under 30 seconds. Our algorithm vastly reduces false accept and reject rates, fully protecting consumers and businesses,” says Geva.

A focus on verifying a living person, in other words establishing ‘liveness’, ensures that correctly mapping and verifying a diverse range of faces is possible. Geva explains, “With our technology, we are able to establish 3D passive and 4D biometric liveness. Our 4D Liveness is resilient to deepfake and replay attacks. It comprises different colour lights that reflect in a certain sequence off the user’s face which helps determine true biometric liveness.”

Inclusivity in technology extends beyond diversity. It also raises the issue of accessibility. “We have created a technology platform that can be used by very low-end through to very high-end smartphones,” says Geva, “Users can also access the platform via a mobile Software Development Kit (SDK), as well as web-based/browser SDK – which allows them to just click on a link to authenticate themselves, as opposed to downloading a large SDK onto their phones.”

With a simple, fast and secure approach that takes the full scope of African faces into account, biometrics becomes a compelling catalyst for financial and social inclusion. Geva concludes, “We believe that, with the right technology, all Africans can claim their identity and use it to their safety and benefit.”


Security

NCC Washes Hands Off Obi Audio Conversation With Oyedepo


The Nigerian Communications Commission (NCC) has refuted reports of alleged complicity of the commission in the leaked audio conversation between the presidential candidate of the Labour Party (LP), Mr. Peter Obi, and the founder of the Living Faith Church, Bishop David Oyedepo.

In the audio conversation that went viral on social media, Obi was heard telling Oyedepo that the 2023 election was a “religious war,” and urged the pastor to mobilize Christians in parts of the country to vote for him.

Although Obi in the conversation did not appear to have incited religious violence, some politicians condemned the said statement, insinuating he plotted to divide the people on religious lines, a very sensitive issue in a polarised country after the February 25 presidential election.

In a statement, the director of public affairs at NCC, Reuben Mouka, debunked the allegations that the commission got the audio via phone intercepts and leaked it to Obi’s political opponents, an accusation it strongly denied.

Part of the statement read: “The Nigerian Communications Commission (NCC) has been inundated with enquiries by the media on allegations of telephone tracking and leakage made against the commission by some individuals and groups in the social and alternative media.

“The commission wishes to make the following clarifications: The commission denies the allegations in their entirety. By the provisions of the Nigerian Communication Act (NCA) 2003 and other extant Laws of the federation, the commission does not and cannot track nor leak telephone conversations of anyone.

“The commission has reported the allegations, which we take seriously, to relevant security agencies for proper investigation and necessary action.

“The commission restates its commitment to discharge its responsibilities to the Nigerian people in accordance with the provisions of the Constitution of the Federal Republic of Nigeria; the NCA 2003; and other extant Laws of the Federation; and global best practices.

“For the avoidance of doubt, the commission denies these allegations and advises the public to disregard them.”


Security

NCC Recommends 2-Factor Authentication For WhatsApp Users


The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has recommended that users of the popular messaging app, WhatsApp, set up Two-Factor Authentication (2FA) to avoid falling victim to account takeover by hackers.

In an advisory, NCC-CSIRT noted that WhatsApp, which is a Meta-owned service, is increasingly becoming a prime target for hackers and scammers who are always looking for ways to gain unauthorized access to users’ accounts.

The CSIRT described two-factor authentication (2FA) as an identity and access management security method that requires two forms of identification to access resources and data.  

According to the advisory, “In the world of messaging apps, one of the most popular and recognizable is WhatsApp. WhatsApp is 100 per cent free to use, has a great mobile app, and supports audio and video calls. Whether you rely on WhatsApp for all your messaging needs or just use it from time to time, it is recommended to set it up with two-factor authentication (2FA). With this enabled, you will need to enter a custom PIN every time you log in to WhatsApp from a new device, adding an extra layer of security to your account.”  

The team said, “2FA gives businesses or people the ability to monitor and help safeguard their most vulnerable information and networks. The 2FA is important because it prevents cybercriminals from stealing, destroying, or accessing your internal data records for their own use.”
