Growing up, did you ever imagine that we would be fighting an invisible enemy that attacks us through cyberspace? In honor of Cybersecurity Awareness Month, we interviewed a select group of experts in the industry to get their thoughts on cybersecurity and its imminent threat. Just for fun, we also asked this group of experts what they really wanted to be when they grew up, and tried to imagine how they came to be our defenders against this invisible enemy. We found out that we may have had a scientist, an engineer, an astronaut, a physicist or a musician! Only one expert knew definitively (since they were 8 years old!) that they wanted to be involved with computer science. Despite their prior aspirations, they all ended up as authorized authorities in the identity and security industry, and all had valuable input on what cybersecurity looks like now and in the future. You have been granted privileged access to their insights.
The “Authorized” Authorities:
David Brossard / Senior Director Identity Management / Salesforce / 15 years in the industry
Nitika Gupta / Principal PM Manager / Microsoft
Bertrand Carlier / Senior Manager / Wavestone / 17 years
Joni Brennan / President / The Digital Identification & Authentication Council of Canada / 20 years
Steve Wilson / Principal Analyst, Constellation Research / Founder, Lockstep Technologies / 25 years
25-year industry veteran, who has asked to remain anonymous
IDV: Is digital identity married to cybersecurity or just friends?
Steve: Married — for better or worse. “Identity” is obviously bigger than technology and arguably digital identity should go way beyond cybersecurity BUT going down that pathway has no end. Instead, I’d like to see identity re-framed in more practical and — in fact — more useful terms. We need better ways of digitizing existing personal data and credentials, to preserve provenance and fidelity.
David: More like a child? Cybersecurity seems so much larger than identity but identity is also a pillar without which cybersecurity falls flat.
Joni: They are married and in a polyamorous relationship with Privacy and User Experience.
IDV: What, as an industry, do we know we need to solve but haven’t yet figured out? What’s stopping us? Or is there something that we are overlooking?
Anonymous: How to truly kill off passwords and get organizations to adopt passwordless solutions.
Steve: Poor framing of “identity”, “trust”, “sovereignty”, “ownership” etc. Identity needs to be de-personalised. We need to cut the romantic crap about trust, and tackle cut-and-dried problems.
David: Awareness of our space and demystify what we do. It’s not like in the movies.
IDV: How do you see Cybersecurity impacting elections?
David: It’ll be used by both parties as an argument to attack each other. We need more transparency in the election process. We also need to understand the impact of social media and its scale with regards to voter manipulation. That does not necessarily have to do with cybersecurity per se.
Joni: Cybersecurity is critical for elections! Verifying data of voters for example. But also for the echo chamber of information that is shared online. The need for better and stronger cybersecurity cannot be overstated. This is not only true for elections but for data in general. We are swimming in information and starving for wisdom. (Not my quote but it fits)
Anonymous: Cybersecurity is critical to ensuring the integrity of elections globally. If that integrity is jeopardized, we cannot trust the outcome of our elections.
IDV: Seems everyone was sent home earlier this year, and security and identity teams had to adapt. Will it be more of the same in 2021 and did we get smarter about remote work security?
Bertrand: Many companies were forced to evolve to “remote work ready.” They did that probably without all cybersecurity properness. We should focus efforts helping them.
Joni: It will continue for 2021 and I believe that we are getting smarter. Securing continuity of a workforce is also securing the economy.
Steve: TBD. The pandemic has a long way to run.
IDV: How can we possibly thwart or curb black-market demand for personal information?
Joni: Tax personal data collection
Anonymous: Make it impossible to use in order to devalue it.
Steve: Long term we must defuse stolen data. We must make it systematically difficult to replay stolen personal data behind our backs. This is actually a very simple problem. It’s been solved before by the payment card industry. Credit card numbers in chip-and-PIN cards are THE SAME INFORMATION as in mag stripe cards but it’s next-to-impossible to clone a chip card. A chip card presents cardholder detail to a terminal in a dynamic verified way that proves the origin of the data. We should transition ALL PERSONAL DATA presentation to the same technology: personal cryptographic chip devices (mobile phones) and verified credentials issued by reliable sources (institutions) and data sources. I guesstimate the transition would take 7 or 8 years. It would stop 90% of identity-related crime.
IDV: Is AI destined to collide with cybersecurity or can they work together?
Anonymous: They can and must work together. AI is a critical enabler for improved cybersecurity and the only viable way to deal with the sheer volume of security events on our networks. We have to be able to look at everything that is going on in the environment to spot the troublemakers.
Joni: A little bit of both. Important work needs to be done with real-world implications and with recognition that unintended consequences will happen. Special attention needs to be paid to help ensure that those who suffer in today’s society don’t suffer even more with the advent of AI. We must do better in this space.
David: They should work together but there’s a fine line AI shouldn’t cross.
IDV: What is the one thing every enterprise should do this week to mitigate cyber risks?
Steve: Update and patch their systems.
Nitika: Turn on MFA.
David: Hire a red team, assume you will be hacked, and put in place a risk assessment framework.
Anonymous: MFA Everywhere. Do it now.
Joni: Turn on 2FA for your clients. Do it now. Did you turn it on yet? What are you waiting for?
We know that we need to get better at defending ourselves and our enterprises against security attacks. It is important to work together as an industry to make improvements, support those that need it, and first and foremost – turn on multi-factor authentication! Here’s to championing this ongoing battle, our contributions to the fight, and honoring cybersecurity not only in October but year-round. Stay cyber-aware always!