More than $8 trillion dollars, the US Department of Commerce estimates, are exchanged over wired and wireless networks each year and it is growing.
"These are done over mobile devices and business and government systems," said Howard Schmidt, the former cyber-security coordinator of the Obama Administration, at a recent infocomm security seminar in Singapore. "So, if you disrupt the internet, it will have a dramatic impact on our economic ability."
Additionally, by end of 2016, the majority of Global 1000 companies will have customer-sensitive data stored in public clouds, Singapore's Minister for Information, Communications and the Arts, Dr Yaacob Ibrahim, cited Gartner's prediction in his welcome address at the same event organized by the Infocomm Development Authority of Singapore (IDA) and the Association of Information Security Professionals Singapore.
Hence, US initiatives such as the National Strategy for Trust and Identity in Cyberspace (NSTIC) and the National Initiative for Cyber-security Education (NICE) have embarked on specific strategies to combat or mitigate cyber-security risks spawned by cloud computing and mobility. "[The NSTIC aims] to create a marketplace where we have identity providers, both private and public, that can help us issue trusted credentials [that prove identity and improve upon the passwords currently used to log-in online]," said Schmidt.
Trust and identity
Schmidt blames the unmanageable number of user IDs and passwords that people must remember for the continued success of attacks such as phishing and spear phishing. "[Every time] I need to use a password again, I forgot what it was. So, to make it easier, I try to use the same one, which is always a security problem."
"We're now talking about one-time passwords [issued through a mobile device] for financial services," he added. "I have an application on my iPhone that [helps me get a one-time password] without me connecting to [the service provider's] network and I have the ability to use that across multiple sites."