Review: The LastPass Security Symposium

If you missed the Security Symposium last week, it was a good one. We hosted IT and security professionals from around the Boston area in our headquarters here on Summer Street for a panel on cyber security, followed by a networking hour.

To our panel, we welcomed Stephen Boyer, Co-Founder and CTO at BitSight, and Gaurav Tuli, Principal at F-Prime Capital Partners, who joined our very own Gerald Beuchelt, CISO at LogMeIn, and Sandor Palfy, CTO, Identity and Access at LogMeIn, for a discussion on the key challenges and trends they’re finding while trying to protect their companies’ critical infrastructures.

Cyber security – this is a topic that used to be reserved for only the most technical network and security engineers. In 2018, a world racked by data breaches and ransomware hacks, cyber security is now top of mind for every IT team, no matter the size of their business, and even for consumers. With that, we asked our panel of experts some of the hot questions.

Security and Consumers

Gaurav Tuli from F-Prime Capital pointed out that people are becoming more and more comfortable with having their passwords stolen. It’s a scary place to be. One of the easiest ways to protect against that? Add multi-factor authentication to your accounts. As a security-minded group, we all take MFA for granted – it’s so easy, how could you afford not to turn it on? Stephen Boyer from BitSight notes that not everyone thinks this way and MFA simply hasn’t caught on with consumers yet, with a nod to the fact that only 10% of Gmail users have turned MFA on for their account.

So what has to change? According to Sandor Palfy, the user experience of MFA and security tools is critical. They must be easy to use and approachable. Otherwise, consumers will continue to ignore the MFA on their Gmail and more, making this even more of a hacker-friendly world.

The Passwordless Future

It’s hard to talk about cyber security and not mention the passwordless future. It is the buzziest of all buzz terms right now. Sandor cautioned us not to move so quickly away from passwords and into the arms of biometrics. For example, consider if you’re the victim of a breach where your fingerprint authentication was hacked. You can’t turn in your fingerprint for a new, more complex one, as you can with weak passwords that have been compromised.

Gaurav took a different approach, commenting on the cost-effectiveness of passwords and the cost to replace them. He argues that we should not replace them, but rather use them as part of the authentication process. First come passwords, then come biometrics as an additional layer of security for your accounts.

Losing Control

The reality is, we’ve already lost control of our passwords, but willingly giving that control to a 3rd party service, like a password manager, is a whole other step. And it all comes down to trust. Rachael Stockton, Director of Product Marketing for LastPass at LogMeIn and the panel’s moderator, pointed to smartphones as a parallel example of this trust. We all own smartphones and they’re filled with phone numbers. How many of those numbers have you memorized? Probably only a handful, if that, which means you’re trusting your device to store those numbers for you. Gerald Beuchelt commented that we don’t need to trust the device, but rather the service behind it. You must trust in the service, along with their certifications, validations, and technology.

There will always be more to say about cyber security and we look forward to more great discussions with all of you and experts like our panel. For those of you who joined in person, we loved seeing you and can’t wait to host another one!

One Comment

  • Thomas Hart says:

    LogMeIn/LastPass, Thank you for hosting such a good event.
    It is always nice to get different input/perspectives/information.

    The refreshments were very enjoyable, Tom