Identity without compromise

July 2013 Access Control & Identity Management, Healthcare (Industry)

The latest Hi-Tech Security Solutions Executive Roundtable Breakfast focused on executives from the healthcare and financial markets, explaining the importance of effective identity management and the benefits of biometrics in reducing fraud and protecting data and transactions.

Clem Sunter. “The probability of a failed state is therefore no longer a wildcard, but has risen to a significant probability of 25%.”

The event started with a keynote by world-renowned business strategist Clem Sunter, who spoke on the Possible Scenarios in a Future South Africa. Sunter spoke on a similar topic about a year ago in an Executive Breakfast targeted at mining executives and it was interesting to see how his scenarios had panned out. Sadly, they were scarily accurate.

The problem with scenario planning is that it is easy to predict an outcome, or possible outcomes, and judge the accuracy of the predictions after the fact, but it is not helpful. Sunter says the idea of flags or signposts that a particular scenario is happening or about to happen is crucial for strategy planning, whether for business or government – especially when one adds consequences to the flags.

When you have flags as part of a possible scenario, it becomes easier to see the scenario as it happens, allowing one to adapt and make a plan to deal with the situation. Knowing the consequences in advance makes plans for adaptation more important, as well as more accurate than a wait-and-see approach.

Sunter also warned that scenario planning is something that needs to be part of an action. He advises planners not only to have the conversation, but to do something about it and be ready for changes.

Breakfast at the event.

Security scenario

While Sunter’s keynote was broadly focused, he started with a scenario all too familiar to the executives present. He says recent US figures note that fraud in companies is committed by insiders over 70% of the time. More importantly, most of these people have no record of criminal activity before committing the fraud.

This means that checking the criminal record of the perpetrators will not flag them as a risk. They can work in a company and legitimately access sensitive data or bank accounts with a valid identity – normally a username and password.

Global and local future scenarios

To see what scenarios Sunter came up with for the global economy and South Africa last year, please refer to the article at securitysa.com/*sunter1. There are two primary scenarios for the global economy at present, according to Sunter: Hard Times and Ultra Violet.

Hard Times has the global economy continuing poorly for a long time. Some of the flags include age demographics, with Japan as the poster child of a country with an ageing population. The EU is also in a crisis in this regard, with Italy, for example, showing a population decline over the past eight years. The US is not looking too bad as it has an increasing population of 35 to 45 year olds, which are critical to consumer spending. While this is a tough economy, Sunter noted that if you can offer value for money and innovation in this environment, your business can still thrive.

Ultra Violet is a scenario in which the ‘old economies’ remain flat and uninspiring, while the new or emerging economies recover and grow quickly. China is, of course, a major factor in this scenario. The Chinese flag is whether or not it manages to keep growth above 8%. If it does, Ultra Violet is likely to be the reality. If not, Hard Times are coming.

Sadly, Sunter says he is leaning towards Hard Times at the moment, because things are not too rosy for China. There are three flags that indicate China may not be the boost to the global economy we want it to be:

1. Its one-child policy is going to come back and haunt it in the long term because of the demographic imbalances, even though it has a healthy demographic now. In 20 years, China will have more people over 50 years of age than under.

2. China is also becoming a more expensive economy and it needs to move from replication to innovation to continue its growth.

3. There are many empty properties in China, including a few empty cities, raising the spectre of a property bubble.

So, even while the US is in recovery mode, Sunter says there is a higher probability of the Hard Times scenario.

The local league

Sunter has three scenarios for the future of South Africa. The first is where we compete in the premier league among nations, which are all striving with each other to improve the lives of their citizens. Sadly, while South Africa should be ranked between 30th and 35th in the global competitive rankings, last year we were at number 59. There is also a lack of certainty among foreign investors given recent activity in the country which does not bode well for the future.

This and other factors could put SA in the relegation zone, the second scenario, where the country slides into poor third-world status but remains peaceful. This will have a significant impact on tax revenue and foreign investment, especially in the light of the large amounts of money we require to improve the electricity and water situation.

The third option is a failed state, which will happen if violence breaks out. In this scenario, South Africa will become too violent and unpredictable and will be abandoned by the rest of the world – much like Syria.

Some of the flags for a failed state include nationalisation, which seems to be off the table right now, a badly implemented national health system, and a media tribunal with secrecy powers. The recent Secrecy Bill is a concern in this regard.

An important flag, possibly the most important, is land grabs. As one minister from Zimbabwe noted, at the first land grab in that country the economy did not slow down, it ‘hit the wall’. Locally, if this happened the rand would most likely soar to R100 to the US dollar, prices would soar and hyperinflation would set in. There is a crucial need to keep this flag down and the uncertainty of this risk is why the probability of a failed state has been raised.

The probability of a failed state is therefore no longer a wildcard, but has risen to a significant probability of 25%.

With the above (and more) as background, Sunter offers the probability for South Africa’s three scenarios (premier league, relegation and failed state) as 50%, 25% and 25%. This is significantly different from last year where the probabilities were 70%, 50% and 0%.

Having the numbers is not enough, however; we need to do something about it.

IT identity crisis

Mark Eardley. “Trust, but verify.”

Following Sunter’s eye-opening presentation, Mark Eardley, an identity management consultant, spoke on the identity crisis the world is facing in the information technology sector.

He started with a quote from George Tenet, the director of the CIA from 1997 to 2004: “We have built our future upon a capability that we have not learned how to protect. We have ignored the need to build trust into our systems. Simply hoping that someday we can add the needed security before it is too late is not a strategy.”

Eardley says that in spite of all the advances in corporate IT in the past 50 years, we are still reliant on the concept of CPPs (cards, PINs and passwords) to identify and authorise activity within our corporate systems. This is an inherent flaw: anyone can use yours and you can use his or hers. What is more, they are routinely lost, stolen or simply forgotten.

The fact about CPPs is that all they verify is that the card or password is present; they can never confirm that a specific person is using the credential. This misuse of credentials is growing on an unprecedented scale. Eardley says Interpol President, Khoo Boon Hui, speaking at an Interpol Conference in Tel Aviv in May last year, noted that for every dollar lost to robbery, 117 dollars are lost to cybercrime.

Using biometrics to authorise and grant access to the digital world is the only answer to this problem at present. Using biometrics, not only can people be granted access to the appropriate applications and data, but only the authorised person can access them as you cannot lose or lend your fingerprint or face to a third party.

He adds that fingerprint biometrics are the most popular form of biometric identification today because of their simplicity and reliability. The old technology that had a reputation of being unreliable has been replaced and today biometrics are used for the most secure installations.

Of course, he adds that not all biometrics are manufactured equal. When choosing a biometric technology, it is important to choose one with a good reputation (not only a low purchase price) as well as one that has been certified according to globally accepted standards, including FBI, NIST and FIPS standards. Some biometrics manufacturers forgo keeping their certifications up to date, which is a telling sign for the buyer.

Eardley concludes that buyers must educate themselves to be able to ask the right questions to ensure they acquire solutions that will deliver the secure service they require.

In closing, Eardley says these days the first rule for everything related to security is “trust, but verify”.

The business case for biometrics

Alan Goodway, business development executive: innovation at Business Connexion. “The integration of fingerprint biometric technology into corporate applications and systems.”

Alan Goodway, business development executive: innovation at Business Connexion, followed with a presentation on the Total Business Case for Modern Biometrics.

Goodway echoed Eardley’s comments on CPPs, noting they have a long history of use in the IT industry, becoming more complex and even being automatically changed at regular intervals more recently. They have even been linked to personal identity numbers (PINs) and more recently, one-time PINs and smartcards. Yet they have not been successful in preventing attacks and significant financial loss.

The three sectors primarily targeted by cyber attacks are the finance, government and telecommunications sectors. Alarmingly, he says that in more than half of the cases investigated, none of the losses had been recovered. Additionally, on average, approximately 5% of company turnover was lost due to these cyber fraudsters. (Source: 2012 International Report Occupational Fraud and Abuse, Association of Certified Fraud Examiners (ACFE), May 2012.)

Unlike Sunter’s figure of 70% in the USA, Goodway says in almost 90% of cases investigated, the fraudster had no previous history of any fraudulent conduct. Moreover, the longer he/she had been employed, the higher the losses. And sadly, less than 3% of fraudsters are convicted.

Goodway also recommends replacing CPPs with fingerprint biometrics, “as a matter of urgency”. Of all the different biometric options available currently, including face, fingerprint, iris, palm, voice, signature etc., fingerprint is the most advanced and most widely used and trusted.

He recommends using a system such as SuperSign to replace all system passwords and PINs. SuperSign is a locally developed application that replaces passwords with biometric authentication for Windows authentication solutions, Web access (including banking), and application and transaction authentication. There’s also the GreenBox authentication and form management solution (see more in Hi-Tech Security Solutions at http://www.securitysa.com/5749r or http://www.securitysa.com/5759r).

Goodway adds that there are many mobile terminals currently in use that use biometrics for authentication for a range of applications. These range from:

* Medical practitioner patient identification (biometric) and benefits statement (from in-house application) to prevent patient fraud at service points for a large SA-based medical aid;

* Banking applications (new client engagement, servicing customer base in bank and remote areas such as pensioners, elderly, sick etc., and one-time PIN-enabled Internet banking);

* Population census/voting; and

* Other business applications where identity is key, combined with access control or time & attendance.

In summing up, Goodway reiterated the challenges companies face today when it comes to authentication in the healthcare industry. These include:

* Card issuing is labour intensive and time consuming;

* Photo identification not guaranteed;

* Fraudulent activity due to card swop out;

* No access to complete medical history;

* No benefit validation at point of service; and

* Service provider payment not guaranteed due to lengthy claims process and benefits disputes.

The solution, according to Goodway, is the integration of fingerprint biometric technology into corporate applications and systems to replace passwords and PINs and their respective identity authentication weaknesses.

The event was closed with attendees networking and talking to the presenters, as well as getting some hands-on experience of fingerprint biometric devices at the Ideco display.







© Technews Publishing (Pty) Ltd. | All Rights Reserved.