SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
Story image

Experts urge tech firms to prioritise secure-by-design principles

Wed, 19th Jun 2024

In an era of accelerated technological advancements, recent incidents involving data breaches and security vulnerabilities have exposed critical challenges in the tech landscape.

Notable industry leaders have weighed in on these concerns, underscoring the urgency to strengthen identity security and implement multifactor authentication (MFA) among other robust security measures.

Jim Alkove, the CEO of Oleria and formerly the Chief Trust Officer with Salesforce and Corporate Vice President of Enterprise Security for Microsoft, has expressed pressing concerns over the rapid integration of artificial intelligence (AI) into software without adhering to rigorous secure-by-design principles.

Alkove notes, "Rushing to build AI into software without stronger secure-by-design principles is like running with scissors - one wrong move can lead to disaster." He points out that the hasty adoption of AI by tech companies over the past 18 months has unveiled significant security risks, exemplified by Microsoft's rush to disable the Recall feature on its new Co-Pilot due to potential vulnerabilities.

Alkove adds that the tech industry's penchant for prioritising innovation over security has led to the accumulation of ignored tech debt. He urges companies to address these vulnerabilities urgently, emphasising that organisations can no longer afford complacency in the face of AI's transformative impact.

"Enterprises must recognise the rapid impact of AI and address their tech debt," Alkove states. "Every CISO today maintains a risk register of issues that need fixing, but the uncomfortable reality is most teams aren't prepared to shift gears and address issues faster."

Recent breaches, such as the Midnight Blizzard incident, spotlight the critical need for stronger identity security measures and expansive coverage of MFA. Alkove highlights that 80% of all security breaches involve compromised identities, noting that "attackers are no longer just hacking in - they're logging in."

His previous enforcement of mandatory MFA for Salesforce customers exemplifies his strong belief in this security measure. He reiterates, "Mandating MFA is a no-brainer - like locking your doors at night."

Sharing these sentiments, Stuart Wells, CTO at Jumio, provided insights into the recent Amtrak breach. This breach compromised sensitive customer information including names, rewards numbers, birth dates, and credit card details, marking yet another attack on Amtrak's reward system after a previous one in 2020.

Wells observed that travel loyalty programs are becoming increasingly attractive targets for threat actors due to the high value of rewards points, which can be easily converted and sold. "It's particularly tough on travellers who have worked for months, or even years, to accumulate loyalty points and status through regular trips," Wells explained.

Wells also stressed the importance of advanced verification technologies to safeguard user data against evolving cyber threats. He argues that implementing robust identity verification systems, particularly those utilising biometric methods, can significantly mitigate fraudulent activities.

"This approach protects consumers from having their personal details disclosed from compromised accounts and provides a very effective solution to combat fraud," Wells stated.

The impact of these breaches is compounded by the demands of cyber criminals who have hijacked customer data. In the recent Snowflake breach, attackers are extorting payments ranging from USD $300,000 to USD $5 million from targeted companies.

Jay Mar-Tang, Field CISO from Pentera, emphasised the importance of multifactor authentication as a foundational element of the zero-trust security framework. "Multifactor authentication is a foundational concept of the zero-trust framework and should always be enforced on accounts. If your cloud partner or service provider isn't enforcing it, you should be proactive in enacting it yourself," Mar-Tang advised.

These expert opinions underline a pressing need for organisations to recalibrate their cybersecurity strategies. As the frequency and sophistication of cyber attacks continue to rise, prioritising secure-by-design principles, adopting multifactor authentication, and employing advanced verification technologies emerge as essential steps to safeguarding sensitive information and maintaining trust in a digitally interconnected world.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X