“With every new service or connected entity, a new attack vector is born,” said Oded Yarkoni, Head of Marketing at Upstream Security. “These attacks can be triggered from anywhere…”.
I agree and the opposite is also true; correcting higher-level security issues eliminates many downstream attack vectors. In cybersecurity the highest-level mistake put into motion a number of security violations.
The highest-level cybersecurity error: Moving secure activity into a browser-based public environment. From here each solution to mitigate public access created a new attack vector. 20 plus years later, there are too many mitigation-based attack vectors to secure!
Merging public and secure activity provides access to unknown entities. Then using indirect assertion of identity for authentication introduced “informed” guessing as a security protocol. Guessing identity is not valid in any security protocol.
Existence-based access creates a presence at a secure environment. Data is a second factor. Existence removes browsers, public access & guessing from secure services. The downstream effect of presence is an improvement.
A presence check before executing a transaction is essential authentication. ”If I’m not present it’s not me!”