Staying safe online by bringing nonstandard applications into the identity lifecycle
This year marks the 20th Cybersecurity Awareness Month, and today, the prevailing theme, "It’s easy to stay safe online," remains a timely reminder. The message is clear: online safety can be achieved with the proper knowledge and tools. This comes with a caveat, however: many of our current security processes are manual and rely on the end user's discretion and action, such as turning on MFA. Adding further complexity are the ever-growing challenges posed by nonstandard applications, which do not work with established security standards like single sign-on.
A report by Netskope paints a grim picture. For instance, it found that 97 percent of apps used within enterprises operate outside the traditional identity perimeter. While the ubiquity of these nonstandard applications is undeniable, the lack of oversight of their security is alarming. The Ponemon Institute's research reveals that only 34 percent of organizations proactively prioritize the security of nonstandard applications. When educated on the risks, this figure jumps dramatically to 82 percent. People care once they understand the impact on the business.
Nonstandard applications predominantly rely on traditional access methods like usernames and passwords. This dynamic often paves the way for password reuse, one of the leading causes of breaches. The importance of an identity-integrated password manager becomes glaringly evident, especially when considering the role of human error, which contributes to 74 percent of security breaches (2023 Verizon DBIR). The rise of sophisticated AI techniques also poses a newer, more convincing phishing threat. In this landscape, password managers emerge as a critical line of defense.
Yet, it's essential to understand that password managers are not created equally. The most effective solutions go beyond the basic function of storing passwords. With zero-knowledge encryption as the bedrock, they should automate vital security tasks like enabling MFA, automating password rotations, allowing shared account access, and integrating seamlessly with identity providers.
There's a common misconception that the digital world is rapidly moving away from passwords. While it's true that a limited number of applications support emerging standards like passkeys, a far larger number of corporate applications do not. Applications in this category range from banking apps to social media and are years away from making this transition, which accentuates the importance of strong passwords and the role of password managers.
Expecting end-users to be primarily responsible for implementing security measures is fundamentally flawed. The Ponemon Institute's findings call this out, noting that while 57 percent of organizations have policies requiring MFA, only 28 percent enforce it. Knowing this, the path forward to staying safe online seems clear: strong passwords, MFA, and password managers that automate the heavy lifting normally left to end-users. In today’s world, such tools are not a "nice to have" but a business imperative.
As advocates for cybersecurity, our mission is not limited to just one month of cybersecurity awareness. The digital landscape constantly evolves, bringing forth new challenges. The lessons and practices emphasized during Cybersecurity Awareness Month should echo throughout the year, prompting continuous vigilance and proactive measures. The path to robust online security is through persistent education, automated security, and collective responsibility. This October, let's pledge to champion these principles all year round.
Belsasar (Bel) Lepe is the Co-Founder and CEO of Cerby, bringing extensive experience in building large, multinational businesses and technology teams. He previously co-founded and served as CTO at Ooyala, leading a global engineering and design team of 300 spanning five countries and seven offices. The company achieved two successful exits totaling over $440M. Before that, Lepe led Impira’s product team, which drove a 4X revenue increase for the company. He served as a Google engineer earlier in his career, working on Enterprise Collaboration products. Lepe studied Computer Science at Stanford University and is an active advisor and investor in startups, primarily focusing on Latin America.