Protecting passwords from hackers

Q&A with IT security expert Mark Knight

Knight: It’s an arms race at the end of the day. Whatever the IT community does, the attackers are always looking for new techniques to counter that. I think the most important thing is that we learn from the breaches. It would appear from the recent breaches that these aren’t isolated incidents. There’s a successful attack and the same or other attackers apply similar techniques against other service providers. You start to see this sort of epidemic of very similar breaches, and I think the most important thing is, firstly, that we learn from the breaches. Whenever we see a breach, it’s always easy to blame the organization that’s lost data, and I think it’s very important, rather than casting blame, we actually say, “Wait a minute, what can we as an information security community learn from this breach and how can we use this to improve security and make sure that attack, which is now well understood, can’t easily be repeated?” The second thing is to be more proactive in terms of preventing attacks, not waiting until you’ve been breached and not to assume that it’s never going to happen to me. Let’s go back proactively and review the security measures, the security approach I’ve taken and the threats that I consider to be realistic. That’s an expensive process, but if organizations start to do that, ultimately it’s going to make it much, much harder.