Toronto’s Route1 Inc., a security and identity management company that provides solutions to the U.S. Navy, the U.S. Department of Homeland Security, the U.S. Federal Courts, the Office of the Privacy Commissioner of Canada and a myriad of other organizations, today addressed the vulnerable state of pcAnywhere following Symantec’s warning to its users of its remote control software advising them to disable it.
Tony Busseri, CEO of Route1, believes that the potential for catastrophic damage from this security breach is symptomatic of a much greater threat. “Solutions that enable remote access must be founded on securing and assuring the identity of an individual, not a PC, tablet, smartphone or other device.”
Important, yet unfortunate to note is that according to a whitepaper published by Symantec, “If the malicious user obtains the cryptographic key they have the capability to launch unauthorized remote control sessions. This in turn allows them access to systems and sensitive data. If the cryptographic key itself is using Active Directory credentials, it is also possible for them to perpetrate other malicious activities on the network.”
In an analysis of the past year’s security breaches and best practices in data security, privacy, and data collection, the Online Trust Alliance (OTA), an industry standards group, reported that in calendar 2011, over 558 incidents were reported at a cost to US businesses of more than US $6.5 billion. It is estimated that over 50% of the incidents were as a result of a server exploit. The average cost incurred last year by each business for a data breach was US $7.2 million or $318 per user record compromised – an increase of over $100 per user record from calendar 2009. These incidents also consumed on average more than 600 man-hours per incident.
Unlike other offerings, sessions that utilize Route1’s technology prohibit data from exiting the host computer or organization’s firewall, thereby eliminating any risk of cache, file transfer, middleware or footprint on a guest PC. The inherent architecture of Route1 technology ensures and protects the integrity of all data files and material, which is defended from malware, viruses or other attacks.
“There must be a paradigm shift in the overall philosophy of how data files are accessed,” added Busseri. “Remote users should have tools for an identical user experience to perform their duties as if they were onsite, but no data should ever be stored on any device or permitted to exit the organization’s firewall, thereby eliminating any risk of cache, file transfer, middleware or footprint on a guest PC.”
Mr. Busseri finished, “There is no such thing as perfect security, but without a dramatic shift in the approach to data security, it is reasonable to expect not only an increase in the number of cyber attacks, but also a much steeper cost – financial and other – with devastating consequences.”