
A Lesson from Sergeant Selfie

November 2019 by 1Kosmos Editor

If we are honest, most of us will confess to having taken a selfie and posted it to a social media profile in hopes of impressing our followers. So we can show a little sympathy to 24-year-old Alexander Sotkin for posting a series of selfies while he and his unit rolled across the border from Russia into Ukrainian territory in July 2014.

What made Alexander’s otherwise forgivable bout of narcissism so egregious (especially in the eyes of Russian president Vladimir Putin) was that Alexander was a sergeant in the Russian Army … an army the Russian government insisted was not in Ukraine … a claim Sergeant Selfie’s geolocated photographs disputed.

This example of unintended but nonetheless damaging sabotage is familiar to anyone entrusted with the security of an enterprise’s information assets. People are at once the organization’s greatest strength and its greatest weakness. We understand that the employee whose curiosity overwhelmed his better judgement did not intend to become the network’s patient zero. Who wouldn’t want to help a Nigerian prince or see an embarrassing celebrity photo?

Successful breaches are usually not a failure of technology so much as an exploitation of human psychology. Why is that? Why, in spite of the training and cautionary emails (and sometimes public shaming), do the people entrusted with access to our networks seem determined to go rogue and let the enemy in?

Maybe there is something about human psychology we have been missing that, if we activate, will transform this weakness into a strength. Good news: There is.

Before we move on to what we can do, let’s look at what we might be doing now. Most of the perimeter defenses that secure our networks require users to authenticate with passwords. That most people hate passwords is not news, but we might not appreciate the depth of that loathing. Some of us aggravate that annoyance by requiring them to conjure a new password every 30, 60 or 90 days, even though NIST SP 800-63B has, since 2017, advised against forced periodic changes unless there is evidence of compromise, precisely because of what the policy does to user behaviour.

We understand what is at stake in enacting these measures but, to the user, they are just more obnoxious obstacles to individual productivity … which is why they migrate from “1pAssword_1” to “1pAssword_2” … and attackers know the pattern well: anyone holding last quarter’s password can guess this quarter’s in a handful of tries. The very measure we use to create security actually undermines that security.
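To make the “1pAssword_1 → 1pAssword_2” problem concrete, here is an added example (not 1Kosmos code, and not part of the original post) showing both sides of it: the candidate list an attacker who knows an old password would try first, and the check a password-change handler could run to reject such a rotation. The sample passwords are constructed for illustration.

```python
"""Predictable password rotation: the attacker's guess list and the defender's check.

Added example, not 1Kosmos code. Sample passwords below are constructed.
"""
import re

# Leet-speak substitutions a rotation check should see through
# ("1P@ssw0rd" is the same stem as "1password").
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})

# A trailing counter, optionally followed by punctuation ("...2019!").
_COUNTER = re.compile(r"(\d+)(\W*)$")
# Everything users bolt onto the end of a stem: digits, underscores, symbols.
_SUFFIX = re.compile(r"[\W_\d]+$")


def trailing_number_variants(password, span=3):
    """Attacker view: the next `span` passwords a user who bumps a trailing
    counter is likely to choose, e.g. "1pAssword_1" -> "1pAssword_2", ...
    Zero padding is preserved ("Pass09" -> "Pass10").
    """
    m = _COUNTER.search(password)
    if not m:
        return []  # no trailing counter to increment
    stem, digits, tail = password[:m.start()], m.group(1), m.group(2)
    width, n = len(digits), int(digits)
    return [f"{stem}{n + k:0{width}d}{tail}" for k in range(1, span + 1)]


def _stem(password):
    """Strip the user-supplied suffix, then normalise case and leet-speak."""
    return _SUFFIX.sub("", password).lower().translate(_LEET)


def is_trivial_rotation(old, new, span=20):
    """Defender view: True when `new` is a predictable derivative of `old`.

    Catches an incremented counter, a bumped year, case toggling and
    leet-speak tweaks. A password-change handler would reject such changes
    rather than letting the expiry policy degrade into "add one".
    """
    if new in trailing_number_variants(old, span):
        return True
    s_old, s_new = _stem(old), _stem(new)
    return bool(s_old) and s_old == s_new


if __name__ == "__main__":
    # Constructed examples of the pattern described in the post.
    for old, new in [("1pAssword_1", "1pAssword_2"),
                     ("Summer2019!", "Summer2020!"),
                     ("1pAssword_1", "1P@ssw0rd_2"),
                     ("1pAssword_1", "correct-horse-battery-staple")]:
        verdict = "REJECT" if is_trivial_rotation(old, new) else "accept"
        print(f"{old!r:32} -> {new!r:32} {verdict}")
    print("attacker's first guesses for 1pAssword_1:",
          trailing_number_variants("1pAssword_1"))
```

The stem comparison is deliberately generous (it ignores everything after the last letter), because the goal is to block the lazy rotation the expiry policy invites, not to judge overall password strength; a real handler would pair it with a breached-password lookup.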

What can we do to transform the security vulnerability these irritated and, as a result, oblivious users represent into an army of vigilant sentinels committed to the protection of the network and its informational treasures?

First, we change the narrative. When presented with an existential threat, people generally rise to the occasion. During World War II, famed anthropologist Margaret Mead was given the assignment of figuring out how to encourage American housewives to ration scarce food so that their husbands and sons would have sufficient provisions in theater. What she discovered is that, when presented with the necessity and gravity of the situation, an overwhelming majority of people will find a solution. As Plato said, “Necessity is the mother of invention.”

Fun fact: You can thank Margaret Mead for motivating your parents to expose you to liver as a child. Part of her assignment was to make animal organs more palatable as a means of stretching scarce food resources.

Second, we change the technology. The password-based model clearly does not work. Hardware tokens work better but have obvious deficiencies of their own (they can be stolen or misplaced, and they are expensive to replace). But what if we could create a credential that is 1) easy to use (very important!), 2) very personal to the user (so they are less likely to lose it) and 3) extremely difficult to replicate? A unicorn, you say? Not quite. At 1Kosmos, we call it BlockID Enterprise.

As stated earlier, technology is not usually the reason our networks are compromised. That said, technology like BlockID can serve as a catalyst for meaningful user adoption and engagement.

How? 

The user engages with BlockID through an application on their mobile device. As we know from our own experience, mobile devices are as precious to us as our family members … we do not let them out of our sight.

Part of the BlockID roll-out process has users populate the app with their authentication credentials. Depending on your install, this can include a range of elements: physical or voice biometrics and even government-issued identity documents. Layer that on top of the device’s native unlock requirements and you have strong assurance that someone accessing the network with a BlockID-enabled device is the person who enrolled it. After initial enrollment, logging in is merely a matter of presenting that device to the computer.

To take advantage of the catalytic opportunity that weaving BlockID into your security tapestry represents, consider a pre-rollout education campaign to generate interest and engagement (engage your marketing group to help). Imagine the cheers emanating from the cubicles when you tell them passwords are going to be abolished! From there, organize brief presentations to departments where you can make the case for the change and explain how they can advance the cause of protecting your organization’s IT vaults … we are in this together, no?

BlockID by 1Kosmos might be just what you need to transform Sergeant Selfie into Captain Steve Rogers … otherwise known as Captain America.
