By Jameeka Green Aaron, CISO, Auth0

Let’s cut straight to it. As security professionals, we’re seeing a massive increase in cyberattacks across the globe. Ransomware, in particular, is
hitting every industry — something we never thought could really happen to us, but which is costing a lot of money and time. Throw in the aggressive cyber warfare that’s being launched by
Russia against Ukraine, that’s already spilling out to wider digital assets, and you have a situation where collaboration between security professionals is essential. Not only is
collaboration needed, but we need to be doing more to shoulder the responsibility we all have to better educate consumers about the dangers facing them.

So what does this look like in
action? Recent events reinforce the need for collaboration within our industry and networks. It’s never been the time, and it certainly isn’t now, to be protective, to worry only about our
own security postures. I don’t see other companies as competitors, I see criminals as the competitor to all of us. For those worried about the business impact of collaboration, don’t be. At
the end of the day, it’s important that consumers have a choice in the services they use. This competition fuels everyone to create better products, to remain ambitious, which works out
well for everyone at the end of the day.

When it comes to collaboration, start thinking about how you can share the data you have for the good of everyone. At Auth0, we have the benefit of
seeing the scale of cyber attacks attempted through the authentication process, with our software tackling millions of credential stuffing attempts weekly. Last year we launched our first
‘State of Secure Identity’ report, where we shared as much internal data on the scale, methods and makeup of those attempting to commit cyber attacks against our customers. It’s your chance
to be transparent and build consumer trust.

As well as larger reports, look into the other ways you can consistently share information with the security community. Regular blogs, networking
events, and podcasts are all ways in which you can keep a dialogue up. Another important factor is getting your technology into as many hands as possible, especially with non-profits and
other sectors that may struggle to afford it. Make it as cheap as possible, and make sure you’re making everyone’s security posture as strong as you can. This is not only a good thing for
improving everyone’s overall security, but it’s the right thing to do. It’s our responsibility as security professionals to do it.

Talking of responsibility, the other thing we all need to
be doing is taking more responsibility for the education of consumers. It’s not right for companies to shirk the responsibility of educating consumers. To simply expect them to read through ten pages of
dry privacy documentation, or to suddenly feel comfortable using MFA because your app pushed it on them one day. Take banking for example. Consumers are being constantly targeted via SMS
fraud, with many losing money in the process. It’s on the banks to educate consumers. They should be actively, and constantly, sending emails and correspondence to consumers about the
threats to watch out for, not just once a year as part of a cyber security month campaign. This is a worthy investment that is honestly a drop in the ocean compared to the costs of a
significant breach.

So how do we reach consumers? We have to meet them where they are, and think a little outside the box. We need to be investing in advertising that is not just pushing our
products, but educating consumers to be better aware of best practice security across the board. This benefits everyone, so don’t just think about whether it’s reaching the people who buy
your product. We need to take a grassroots way of working, as currently the majority of security professionals and organizations are bad at it. The main thing is recognising there is a
diverse range of demographics and personalities, who are all going to need educating in different ways. So speak with community leaders, bring in external voices that can educate YOU on the
best ways to educate others. Ultimately, it’s our responsibility to invest in that education, or we’re not only making things harder for ourselves further down the line.

Responsibility does
not end with education, it ends in the security technology we invest in and build. When it comes to this, there’s still a lot we need to be doing. Take biometrics for example. They’re a
fantastic form of security when it comes to authentication, but they don’t work for everyone yet. I don’t use facial biometrics as they don’t recognise black faces well. This is not
something that is sustainable; technology has to be inclusive and adoptable for the masses. We also need to make technology readily available for consumers that makes it easy for them to
practice safe behaviors. Password managers are a great example of something which everyone should have, so the cheaper and easier we make it to use them the better. Auth0 has also developed
a technology, Credential Guard, that makes it easier for platforms to automatically identify and flag when consumer credentials have been compromised. This is a technology that is easy to
bake into security postures, but which has a massive impact on consumers without them having to do anything – the holy grail of security when it comes to reducing friction.

As a security
professional, if all you’re doing is thinking about your product and your customers, then you’re going to fail. What we need right now is collaboration, and a willingness to accept the
responsibility that we all have to make security work for everyone.