View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 22, 2017updated 03 Oct 2017 4:27pm

Data breaches are the nature of the beast, says OneLogin CEO

CBR spoke to the CEO of OneLogin, to gain insight on how a security moves forward from a data breach.

By Tom Ball

Amid the maelstrom of tech change that the world is navigating, data breaches have become common and powerful, leaving nobody safe to guarantee impenetrable security.

Security companies themselves are not exempt from this rule, with OneLogin, a company centred upon managing enterprise identities, passwords and logins also falling victim to a breach earlier this year.

With OneLogin dusting itself down from the disastrous event, CBR had the opportunity to speak to the CEO of the company, Brad Brooks, who gave us insight into the breach which impacted thousands of OneLogin customers and, more importantly, what it takes to move on boldly from an event such as this.

“You hear it time and again, whether we like it or not, a data incident like what we experienced, every company is probably going to go through it at some point. It is the nature of the beast, there is just too much surface area that is out there,” said Mr Brooks.

Data breaches are just the nature of the beast, says OneLogin CEO

Brad Brooks, CEO, OneLogin

“How we went through it, and the fact we went through it is unacceptable. We do not ever want to repeat it again, but at the same time just like anybody that has been through a life changing experience in their personal life, once you have gone through it and gotten to the other side, you have become a stronger, better person because of it. We have certainly become a stronger, better company because of it.”

With cybersecurity awareness still lacking across the world, an organisation hit by a data breach is forced to learn quickly, and in a primal way, as an animal learns to avoid poisonous plants in the wild. When hit by a breach an organisation is faced immediately with the reality of the cyber threat, and must work hard to retain credibility.

Mr Brooks outlined the approach taken at OneLogin to re-establish some security confidence., he said: “We have had preeminent experts in the field come in and audit our entire process, everything from our product and how it is coded, to the processes of how we run our business, to social penetration testing, having mystery people come into our offices and try to gain access.”

Content from our partners
The growing cybersecurity threats facing retailers
How to integrate security into IT operations
How Kodak evolved to tackle seismic changes in the print industry and embrace digital revolution

“We have gone through all of that over the last several months to find out every potential area where there might be an issue. We have come up with a whole set of remediation steps, everything about how we encrypt data, to the level of encryption, to how we wall off access to certain parts of the product.

“We are hiring new resources specifically around security, and upgrading them with a security first mind-set like a company of ours need to do. It is the top priority for us, we will continue to learn going forward, we have no expectation that we will ever be breached again, but at the same time, we have to manage like it could happen at any moment.”

NCSC Director: Imminent ‘category one’ cyberattack will be undefendable
Windows XP puts UK police at ransomware attack risk

Despite employing expansive new precautions and testing in the defence of an organisation against data breaches, the inability to guarantee security remains. The OneLogin CEO outlined the reasons that anyone would be naïve to guarantee security.

“Two things will happen if you say that, number one is that you will paint a bull’s-eye on yourself that will make every hacker out want to prove that you are wrong, and the second thing is, it has a way of creating a false sense of security and lack of paranoia that you do not want to permeate the company with,” Brooks said.

Topics in this article: , , , ,
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED
THANK YOU