RSA Europe: Two-factor authentication is worth nothing, says executive director, EEMA

Dean, who was speaking alongside ISF’s CEO and President, Howard Schmidt, declared two-factor authentication worthless due to man-in-the-middle attacks. Schmidt disagreed: “The reduction of ID theft and fraud has been reduced with two-factor authentication”, said Schmidt, “and I use the technology with a great deal of confidence. The masses are more secure with two-factor authentication”.

Addressing the government’s cyber security challenge, Schmidt cautioned “we need to modify how we talk about ‘cyber terrorism’”.

“Network terrorist organisations are focussing their efforts on financial gain. They are working with criminals to build up a fund”, said EEMA's Dean.

Schmidt and Dean were in agreement that one of the biggest challenges facing the government is collaboration with the private sector (up to 85% of critical infrastructure is owned by private industry). “Working with the private sector is a slow process”, said Schmidt, “but it’s an important partnership and essential to have ‘a seat at the table’”.

“Governments are dependent on the private sector to secure infrastructure”, said Dean. “If we, as an industry, don’t make bigger strides, there will be more government legislation. The threat of government legislation alone drives changes. Regulatory governance will always be a few paces behind”, he said.

Digital Pearl Harbour

In response to an audience question, Schmidt declared a ‘digital Pearl Harbor’ less likely than ten years ago. “There’s certainly potential for an attack similar to those on Estonia and Georgia, but we’re in a position to recover better than ever before”.

Schmidt admitted a “tremendous resource issue” with law enforcement. “Other threats, like physical terrorist attacks, and stabbings are diverting law enforcement’s attention away from cyber security. We still have 18th century laws looking at 21st century technologies – that needs to be changed”.

Schmidt referred to the seeming delay in President Obama’s appointment of a cyber-czar, stating that “I’d rather the government take their time in employing the right person, rather than rushing it. Things are being done, but it’s just not out in the open yet. There’s some confusion about what the roles are, and that will take time”.
