Companies have started to use more cybersecurity tools than ever before; however, the threat landscape is also ever-evolving.
These days, every modern company relies on a whole system of software to help employees collaborate and to manage and store their workload. But with so many accounts and users that need different types of access to company data, issues like forgotten credentials or even data breaches can become a common occurrence if appropriate measures are not in place.
To talk about the importance of quality identity management, we interviewed Mike Newman, the CEO of My1Login – a company providing a passwordless experience for enterprises.
How did My1Login originate? What would you consider to be the biggest milestones throughout the years?
My1Login was born out of the frustration of having too many enterprise passwords to remember. I was working in a UK PLC and, in a non-technical role, had in the region of 24 different corporate applications to access, all of which required different passwords as they weren’t compatible with the corporate Single Sign-On. Thousands of employees across the business were in the same position and I decided that there had to be a better way to solve the problem of users needing to manage passwords, whilst making the enterprise more secure.
Can you introduce us to what you do? What technology do you use to ensure frictionless and secure authentication?
My1Login mitigates the financial and reputational damage of a data breach for enterprises by removing passwords from the hands of users and placing the business in control of identities. Our solution can be configured to run in the background for users, whilst providing a passwordless experience from day one to minimize user friction, enabling a step-change in the enterprise security posture.
What are the most common methods threat actors use to bypass various identity verification measures?
Phishing and impersonation are the two most commonly used methods to gain unauthorized access to company information and systems. The move to the cloud has hugely increased the number of credentials users have, making them infeasible to manage without resorting to weak passwords and practices which make organizations more susceptible to the threat of phishing and account takeover.
How do you think the recent global events affected the cybersecurity landscape?
The Covid pandemic has seen a paradigm shift from working from home being the exception to being the common case, and a combination of remote and hybrid working is now the norm. This has meant that a variety of business systems that were safely behind the corporate firewall had to be available remotely, together with remote workers increasingly using cloud software without their organization’s knowledge or permission (i.e. Shadow IT). Both of these new trends have made it increasingly difficult for organizations to ensure access to corporate applications, systems and data is secure.
Besides quality identity management solutions, what other cybersecurity measures do you think every company should implement nowadays?
There are multiple measures that organizations can use to improve their cyber security. Firewalls and VPNs are key to defending and protecting your network borders. Anti-virus and anti-malware software is a given, but endpoint threat detection can tell you how vulnerable your client devices are to attack. Engaging security training to keep your team up to date on the latest threats, along with internal phishing campaigns to identify members that require additional support. Regular penetration testing – both manual and automated – to probe your organization’s defenses.
As for personal use, what security measures can average individuals take to prevent their identity from being stolen?
Remaining vigilant and skeptical are the two most important steps individuals can take to prevent their own identity from being stolen. The sheer volume of systems and applications where individuals store their data online necessitates a technical solution to manage that access. A password manager is a great option in this case, since it does the heavy lifting of providing strong credentials and removes the typical poor practices of password reuse and weak passwords which often lead to account takeover and user identities being stolen. Having up-to-date virus protection and applying OS updates in a timely fashion are also good practices to reduce risk.
What identity-based threats do you find the most concerning at the moment?
There are many strong contenders for this title, but phishing is probably the most concerning identity-based threat. Of the 39% of UK businesses who identified an attack this year, the most common threat vector was phishing attempts (83%). With 3.4 billion phishing emails sent every day, and the rise of Phishing as a Service, the effectiveness of typical protection measures, mail filters, and cyber training, is being questioned. Forward-thinking organizations are now trying to tackle the root cause – the passwords themselves, to prevent unauthorized access and the financial cost of a data breach or ransomware attack.
What do you think the future of identity and access management is going to be like? Do you think the use of biometrics is going to take off?
Biometrics is here already and here to stay, just look at the proliferation of biometrics tied to smartphones these days. Whatever these devices evolve to become, they will be increasingly tied to us as individuals, meaning in terms of identification and authentication, wherever you are, you will always carry something you have, capable of detecting something you are and allowing you to enter data about something you know. The key to the future is about ensuring that front-end capability can be used to bridge the gap to authenticate with apps that aren’t yet ready to support biometrics and that’s where My1Login comes in.
Would you like to share what’s next for My1Login?
Our mission has always been to address the polarised tension that typically exists between convenience and security by making authentication frictionless and unobtrusive to users. To enable this, we’ll continue to focus on deeper integration with other aspects of the ecosystem, such as harnessing more native smartphone biometric features and using that delegated trust to provide users with seamless onward authentication to other applications.