Always on the agenda: A gated house without a fence

In this month’s edition, we want to highlight the false sense of cyber security that can arise from working with a security system. For Cyber Security Awareness Month, NIST listed four key behaviors, one being the use of strong passwords and password managers. The linked article broke down the advantages of password managers, and even listed providers, such as the company 1Password. But just weeks ago, Okta, which provides 1Password with single sign-on technology, suffered a breach in its case management system, making 1Password, BeyondTrust, Cloudflare and several of their clients targets in a hacker attack.

Despite being exposed to threat actors, all three companies have given assurances that none of their clients were in turn affected. Okta, on the other hand, saw its shares drop more than 11%, and its market valuation has shed more than $2 billion. This is just the latest in a line of high-profile hacks against Okta, which has over 18,000 customers. Earlier this year, another hacker attack affected casino giants Caesars and MGM. The direct and indirect losses from those incidents totaled over $100 million, not to mention the loss of customer trust and reputational damage to the brand.

Once a program or a service is in place, it’s easy to fall into a false sense of security, but securing data isn’t something to be done once a year. Cyberattacks are becoming more frequent and sophisticated in a rapidly evolving cybersecurity landscape. And as Forbes pointed out: No matter how profitable a business is, a cyberattack can eliminate that success virtually overnight. Switching from a reactive to a proactive safety-first mindset will build resilience, with better business as an outcome.

Breaking down what data is crucial to business operations will indicate what to prioritize and what level of investment is needed. Building that into a structure such as the NIST Framework will create a holistic approach that any business or organization will benefit from. But even in building a stable framework, one has to remember that the human factor will always be the weakest link. Cyber security starts and ends with every single one of us taking responsibility and working actively to protect our digital assets.

Since the attack on Okta, password manager solution providers have teamed up with PONE to evaluate the OFFPAD. By trading passwords for biometric passkeys that seamlessly integrate into the operation’s IT infrastructure, we might come to find that the best password for your passwords is no password at all.