Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Kenneth F. Belva

Toward a phishing solution, given the two-factor proxy authentication issue

At the 5th Annual Cyber Security Executive Summit I had the pleasure of speaking with a fellow panelist, Allen Pomerantz, the Chief Security Officer of the Philadelphia Stock Exchange.

We discussed the comments made by one panelist on web application hacking and the dangers of phishing. In our discussion he mentioned that the panelist supported the view that end users should be educated about the dangers of online fraud (phishing, etc.). We both agreed that end-user education will not work. I mentioned the Harvard study, Why Phishing Works, as an example of why end-user education will not work.

Allen suggested that banks use their transactional fraud detection software to determine when an account has suspicious activity. It dawned on me that this is ultimately the solution to the two-factor proxy authentication issue.

Technology controls will not stop a proxy server, but preventing possible fraudulent account transactions can stop a criminal.

While it is important to reduce online risk through technology controls, organizations need to run transaction software that will detect possible fraudulent transactions and prevent those transactions from occurring until authorized.
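The hold-until-authorized control described above, as an added sketch that is not code from this column or from any bank's product: the decision scores the transaction against account history and treats a passed two-factor login as no evidence of legitimacy, since a proxy relays it. All names, thresholds and sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Account:
    known_payees: set
    typical_max: float        # largest amount seen in normal activity
    usual_countries: set      # where this customer's sessions normally originate

@dataclass
class Transaction:
    payee: str
    amount: float
    country: str
    passed_two_factor: bool   # also True when the login was relayed by a proxy

HOLD_THRESHOLD = 2            # hypothetical: hold at two or more risk signals

def risk_signals(acct, tx):
    """List the ways this transaction departs from the account's history."""
    signals = []
    if tx.payee not in acct.known_payees:
        signals.append("new payee")
    if tx.amount > 3 * acct.typical_max:
        signals.append("amount far above history")
    if tx.country not in acct.usual_countries:
        signals.append("unusual origin")
    return signals

def decide(acct, tx, authorized_out_of_band=False):
    """Return (decision, signals). Strong authentication never lowers the score."""
    if not tx.passed_two_factor:
        return "REJECT", ["not authenticated"]
    signals = risk_signals(acct, tx)
    if len(signals) >= HOLD_THRESHOLD and not authorized_out_of_band:
        return "HOLD", signals    # stays queued until the customer authorizes it
    return "RELEASE", signals

# Constructed sample data, not real account records.
ACCT = Account({"electric-co", "landlord"}, 1200.0, {"US"})
ROUTINE = Transaction("landlord", 1100.0, "US", True)
RELAYED = Transaction("payee-unknown-01", 4800.0, "XX", True)

if __name__ == "__main__":
    for tx in (ROUTINE, RELAYED):
        print(tx.payee, decide(ACCT, tx))
```

Both sample transactions carry a valid two-factor login; only the one that departs from the account's history is held, and it is released once the customer authorizes it through a separate channel.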

One Trackback

  1. By bloginfosec.com » Reducing Online Fraud on December 5, 2006 at 10:38 am

    [...] My blog entry “Toward a phishing solution, given the two-factor proxy authentication issue” discussed this in September 2006. [...]
