A credible threat: cyber attacks and stolen credentials

What is your role? – Can you tell me about your career path?

I grew a security career in technology. I chose security technology because it was a challenge – I’m always up for a challenge. Now with 15+ years of leadership experience implementing vendor security risk and assessment programs for startups and Fortune 500 companies, my new position will help define the security and compliance roadmap for SecureAuth’s product portfolio. I want to deliver best-in-breed security solutions and continue its momentum in preventing the misuse of stolen credentials.

Danielle Jackson, CISO, SecureAuth

What is the current state of the security industry?

Billions are spent on network and endpoint security, yet breaches still occur and are on the rise. It seems like there’s a new major breach every month that we read about in the news. 63% of all breaches involved the use of stolen credentials, which is a huge element that cannot be stopped by network or endpoint security.

Historically, two-factor authentication (2FA) was the answer, but it causes an undesirable balancing act between security and usability, where neither could be maximised at the same time successfully.


Forward-thinking organisations are moving towards a fundamentally new approach to identity and access management by deploying adaptive access control methods and multiple pre-authentication risk checks, which provide both high security and great usability, while being flexible and adaptable to existing infrastructures.

What security challenges are businesses facing?

One of the biggest security challenges is attackers simply walking through the front door with stolen, valid credentials. As I just mentioned, stolen credentials are used in 63% of cyber attacks, which is far too high. I am committed to growing a secure solution with a friendly user experience to help reduce security risks and impacts imposed on organisations by the misuse of stolen credentials.

How can businesses ensure they remain compliant with constantly changing data privacy laws?

It’s definitely a challenge, but there are a few approaches that may work, depending on the size and maturity level of the business. Enterprises that are larger in scale and have a strong global presence often have legal teams, privacy officers, and compliance personnel dedicated to keeping organisations up-to-date with data privacy regulations.

I would encourage security and compliance teams that are a part of these enterprises to leverage their legal teams for guidance and support. For those entities that are smaller in scale or those that may not have the funding or staff to support a dedicated team or privacy officer position, I would choose a security framework and attest to a compliance audit annually.


I would also recommend that smaller organisations go above and beyond what is expected for data privacy protections. This usually provides additional cover in the areas of security and confidentiality of systems and data.

What is the best solution?

Every organisation has unique security needs and the IT security team needs to advise board members whether an off-the-shelf solution is the best answer in the face of the full threat landscape, or if more needs to be done.

Adaptive access control delivers stronger security that can work behind the scenes, both staying out of the way of the user while also providing better user experience, rather than forcing a tradeoff as traditional approaches do.

I want to ensure our customers have the right fit of compliance programs and enable CISOs to better secure their organisation with the highest of security that is both cost efficient and user friendly for their end users.


As a woman you are in a fairly unique position, in that you are in a senior position in a tech company. Can you comment on the gender gap in the IT industry – why is this the case?

Historically, technology has been a male-dominated field… and still is. Security wasn’t always an industry or organisation that was well-funded or supported, often taking talent and budget from technology.

With more men in the workplace during a time when cyber security was not in most enterprises, it’s natural to have seen more men filling security roles. However, over the last five years, I’ve noticed a significant increase of women in tech. I hope this trend continues with women in cyber security filling the large disparity between male and female security professionals.


Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...