Remember meForgot password?
    Log in with Twitter

article imageQ&A: Hackers access files from the sound of keystrokes Special

By Tim Sandle     Oct 1, 2019 in Technology
An alarming new report finds that hackers can crack a password by recording keystroke sounds and using software to work out the combinations that have been used. Expert Ivan Blesa looks into the issue.
A study has from Southern Methodist University in Texas has found that hackers can work out your online password from the sound of your keystrokes. In trials, cyber experts were able to detect what was being typed with remarkable accuracy using just a smartphone.
To understand the implications and preventive actions that can be considered, Digital Journal spoke with Ivan Blesa, Director of Technology, Noble.
Digital Journal: What is the newly identified hacking threat?
Ivan Blesa: The threat landscape is constantly evolving, with cybercriminals regularly coming up with new and innovative ways to wreak havoc on businesses.
For example, researchers recently discovered that hackers can work out your online password from the sound of your keystrokes. In this case, we’re lucky the threat was discovered by researchers looking to improve security, but worryingly, cyber-criminals could use this method of hacking passwords to break into networks without being detected.
Therefore, it’s crucial that businesses have the tools in place to detect intrusions before any business systems are compromised or data stolen.
DJ: What are the main risks for businesses?
Blesa: This study, and the countless number of breaches that make the news, are further nails in the coffin for passwords as an authentication method. Businesses that are still relying on them should rethink their strategy. Implementing multi-factor authentication across enterprise accounts is a great first step towards adding an extra layer of security.
DJ: Where are most of these hacks coming from?
Blesa: Cyber-criminals operate in a global environment, and they’re very good at collaborating and hiding their traces. They evolve very fast, and when they strike, they strike hard. Businesses shouldn’t take a reactive approach to defending their organisation by assuming they can work out where the next hack will come from and where it will hit. Instead they should be developing a proactive security posture to prevent attacks from occurring in the first place.
DJ: How can businesses detect these threats?
Blesa: Many businesses rely on network monitoring systems to detect threats to their organisation. Unfortunately, legacy approaches to network monitoring, with systems powered by rule-based automation that works off historical data are no longer adequate. The danger lies in the fact that threat detection is entirely restricted to previously seen malicious behaviour, hindering organisations in their ability to detect new threats.
The good news is technology has advanced so that we’re now seeing a new breed of intelligent network monitoring able to analyse vast amounts of data in real time, detect anomalies, and proactively identify new threats. These tools are powered by advanced automation methods, specifically unsupervised deep learning, driven by unsupervised algorithms that do not focus on previous detected malicious activity.
Instead, it continuously adapts and responds to an organisation’s network behaviour to detect anomalies and proactively look for the unknown, to uncover the first-seen and most sophisticated attacks that we’re witnessing today.
DJ: What can businesses do to better protect themselves?
Blesa: There’s no perfect recipe, and each business will have different cyber-security needs. However, enterprises that are exclusively reliant on reactive solutions will remain on the back foot when it comes to security. By employing deep learning powered tools in their cyber-security infrastructure, businesses will achieve an all-encompassing view of the network, dramatically increasing the chances of proactively identifying potentially malicious behaviours and operational issues. The rise of intelligent network monitoring is proof enough that data breaches are not an inevitable threat facing enterprises and can in fact be prevented from occurring in the first place.
DJ: Does this include working on the internal culture of the firm?
Blesa: Yes. Companies shouldn’t rely solely on technology to protect their business.
However, when talking about internal culture in relation to cyber-security, focus often falls on to the wider body of staff and initiatives such as security guidelines and employee training. While it’s important to get the whole company thinking about security, it can be easy to forget about the employees actually tasked with protecting the organisation. Security analysts aren’t often championed in businesses but their well-being should be of paramount importance when thinking about internal culture of businesses, as they sit at the front line of defence within network security infrastructure.
More about Password, Hacking, Keystrokes, Cybersecurity
More news from
Latest News
Top News