In this Spotlight edition of the Security Ledger podcast, Rachael Stockton of LastPass (*) joins us to discuss the myriad of challenges facing companies trying to secure users’ online activities, and simple solutions for busting insecure user behaviors to address threats like phishing, account takeover and more.
Twenty years ago, if you ran a business, user authentication was a pretty straightforward prospect. Tools like Active Directory (or a predecessor) stored user identities that were used to access local endpoints (desktop or laptop computers) and gain access to shared network resources: application servers, file servers, email and so on.
This was all pretty straightforward from your perspective: your team owned the network and the IT assets that those applications ran on. A perimeter protected your business from the Internet and your workers worked – for the most part – at the office.
The world has changed tremendously since then, as has authentication. A firm standing up an IT operation in 2019 will likely own few IT assets aside from the systems its employees use. Almost every application employees use to do their jobs will be delivered as a service and, likely, run on cloud services operated by a third-party provider.
Employees also will work from everywhere: home, remote offices, coffee shops and cars, and do so using laptops, mobile devices and more. Personal and professional activities intermingle seamlessly, often just a browser tab away from each other. Hackers and other malicious actors have taken notice: leveraging stolen credentials from consumer sites to compromise corporate networks and setting up “watering hole” attacks to harvest sensitive logon information from employees.
All that makes once-straightforward questions about authentication much, much more difficult, while human behavior remains just as hard to change. Rachael Stockton of LastPass notes that authentication technology has to adapt to the new ways that people work and the threats that companies face. “Every employee is a potential entry point (for hackers),” Stockton told me.
“I think there’s a difference between the password going away – so not having a password – and us not caring that we have a password anymore.” – Rachael Stockton, LastPass
What is the best way for companies to address authentication and identity challenges? Stronger authentication is a good first step. Added layers of security such as two-factor authentication can radically reduce or even eliminate whole categories of online attacks.
Still, users are reluctant to change (or break) bad habits, even when they know they’re insecure. In this Spotlight podcast, we invited Rachael back into the Security Ledger studio to talk about why insecure practices persist in enterprises and how best to break users of their bad habits.
Rachael and I also talk about practical steps that organizations can take to improve their employees’ online security, from better user education, incentives and gamification to more streamlined authentication and single sign-on tools.
(*) Disclosure: This podcast was sponsored by LastPass, a LogMeIn brand. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.